Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ruppert.exe

Overview

General Information

Sample name:ruppert.exe
Analysis ID:1578539
MD5:c3242cab034e773dad42d6fbff0b4ecf
SHA1:c4b7daa973a191f9dcd6e6f637602b5683899571
SHA256:fbe49c90e24fb5b6be83157db5a5415411b410c6b13fdb9ef12740a157f60481
Tags:exeuser-aachum
Infos:

Detection

CredGrabber, Meduza Stealer
Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Suricata IDS alerts for network traffic
Yara detected CredGrabber
Yara detected Meduza Stealer
AI detected suspicious sample
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Suricata IDS alerts with low severity for network traffic
Terminates after testing mutex exists (may check infected machine status)
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • ruppert.exe (PID: 7156 cmdline: "C:\Users\user\Desktop\ruppert.exe" MD5: C3242CAB034E773DAD42D6FBFF0B4ECF)
  • cleanup

Malware Configuration

Threatname: Meduza Stealer

{"C2 url": "45.130.145.152", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite", "build_name": "Work", "links": "", "port": 15666}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.1959053950.00000259C0E0B000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
    00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
      Process Memory Space: ruppert.exe PID: 7156JoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
        Process Memory Space: ruppert.exe PID: 7156JoeSecurity_CredGrabberYara detected CredGrabberJoe Security

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.2.ruppert.exe.259c2a20000.0.raw.unpackJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security
            0.2.ruppert.exe.259c2a20000.0.unpackJoeSecurity_MeduzaStealerYara detected Meduza StealerJoe Security

              Sigma Signatures

              No Sigma rule has matched

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-19T21:35:12.510376+010020494411A Network Trojan was detected192.168.2.44973045.130.145.15215666TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-19T21:35:12.510376+010020508061A Network Trojan was detected192.168.2.44973045.130.145.15215666TCP
              2024-12-19T21:35:12.630643+010020508061A Network Trojan was detected192.168.2.44973045.130.145.15215666TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-19T21:35:12.510376+010020508071A Network Trojan was detected192.168.2.44973045.130.145.15215666TCP
              2024-12-19T21:35:12.630643+010020508071A Network Trojan was detected192.168.2.44973045.130.145.15215666TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Found malware configuration
              Source: 0.2.ruppert.exe.259c2a20000.0.unpackMalware Configuration Extractor: Meduza Stealer {"C2 url": "45.130.145.152", "grabber_max_size": 4194304, "anti_vm": true, "anti_dbg": true, "self_destruct": false, "extensions": ".txt;.doc;.docx;.pdf;.xls;.xlsx;.log;.db;.sqlite", "build_name": "Work", "links": "", "port": 15666}
              AI detected suspicious sample
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A91EA0 CryptUnprotectData,LocalFree,0_2_00000259C2A91EA0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A55EE0 CryptUnprotectData,LocalFree,0_2_00000259C2A55EE0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A921C0 CryptProtectData,LocalFree,0_2_00000259C2A921C0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AF2090 CryptUnprotectData,0_2_00000259C2AF2090
              Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49731 version: TLS 1.2
              Source: ruppert.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AD9810 FindClose,FindFirstFileExW,GetLastError,0_2_00000259C2AD9810
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AD98C0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_00000259C2AD98C0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AA13B0 GetLogicalDriveStringsW,0_2_00000259C2AA13B0
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: D:\sources\migration\Jump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: D:\sources\replacementmanifests\Jump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: D:\sources\migration\wtr\Jump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\Jump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\Jump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: D:\sources\replacementmanifests\hwvid-migration-2\Jump to behavior

              Networking

              barindex
              Suricata IDS alerts for network traffic
              Source: Network trafficSuricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.4:49730 -> 45.130.145.152:15666
              Source: Network trafficSuricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.4:49730 -> 45.130.145.152:15666
              Source: global trafficTCP traffic: 192.168.2.4:49730 -> 45.130.145.152:15666
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache
              Source: Joe Sandbox ViewIP Address: 104.26.13.205 104.26.13.205
              Source: Joe Sandbox ViewIP Address: 104.26.13.205 104.26.13.205
              Source: Joe Sandbox ViewIP Address: 45.130.145.152 45.130.145.152
              Source: Joe Sandbox ViewASN Name: ASBAXETNRU ASBAXETNRU
              Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
              Source: unknownDNS query: name: api.ipify.org
              Source: unknownDNS query: name: api.ipify.org
              Source: Network trafficSuricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.4:49730 -> 45.130.145.152:15666
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: unknownTCP traffic detected without corresponding DNS query: 45.130.145.152
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A9E9F0 recv,recv,closesocket,WSACleanup,0_2_00000259C2A9E9F0
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache
              Source: global trafficDNS traffic detected: DNS query: api.ipify.org
              Source: ruppert.exe, 00000000.00000002.1959053950.00000259C0E5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
              Source: ruppert.exe, 00000000.00000002.1959053950.00000259C0E0B000.00000004.00000020.00020000.00000000.sdmp, ruppert.exe, 00000000.00000002.1959053950.00000259C0E71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
              Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
              Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49731 version: TLS 1.2
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A9FB30 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,EnterCriticalSection,LeaveCriticalSection,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,0_2_00000259C2A9FB30
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AA3CF0 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,0_2_00000259C2AA3CF0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AF26E0 NtAllocateVirtualMemory,0_2_00000259C2AF26E0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AA43F0 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,0_2_00000259C2AA43F0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2ADE9680_2_00000259C2ADE968
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A9FB300_2_00000259C2A9FB30
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A5B8200_2_00000259C2A5B820
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AA08200_2_00000259C2AA0820
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A5C8C00_2_00000259C2A5C8C0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AD98C00_2_00000259C2AD98C0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A4F8B00_2_00000259C2A4F8B0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AA8B700_2_00000259C2AA8B70
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A5ACC00_2_00000259C2A5ACC0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A4F1C00_2_00000259C2A4F1C0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A9F2000_2_00000259C2A9F200
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AC114C0_2_00000259C2AC114C
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A622D00_2_00000259C2A622D0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AA1FF00_2_00000259C2AA1FF0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A5CF600_2_00000259C2A5CF60
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A98F600_2_00000259C2A98F60
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AA70B00_2_00000259C2AA70B0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AA662B0_2_00000259C2AA662B
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AAC55A0_2_00000259C2AAC55A
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AA16600_2_00000259C2AA1660
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A813400_2_00000259C2A81340
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AB749C0_2_00000259C2AB749C
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AC29F40_2_00000259C2AC29F4
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AB4A000_2_00000259C2AB4A00
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A79A100_2_00000259C2A79A10
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A889500_2_00000259C2A88950
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AC19B80_2_00000259C2AC19B8
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2ABF7F40_2_00000259C2ABF7F4
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A6C8200_2_00000259C2A6C820
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AB47FC0_2_00000259C2AB47FC
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A967600_2_00000259C2A96760
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AA47400_2_00000259C2AA4740
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A928C00_2_00000259C2A928C0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AB58D00_2_00000259C2AB58D0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A8C9300_2_00000259C2A8C930
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AB088C0_2_00000259C2AB088C
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A25DB00_2_00000259C2A25DB0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A8FDB00_2_00000259C2A8FDB0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AB0D980_2_00000259C2AB0D98
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A4FEE00_2_00000259C2A4FEE0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A9AE500_2_00000259C2A9AE50
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AC9EA00_2_00000259C2AC9EA0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AB8C340_2_00000259C2AB8C34
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A57B8D0_2_00000259C2A57B8D
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AB2CD00_2_00000259C2AB2CD0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A26D200_2_00000259C2A26D20
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A8CC500_2_00000259C2A8CC50
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A951E00_2_00000259C2A951E0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A5A1F00_2_00000259C2A5A1F0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A901F00_2_00000259C2A901F0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A982300_2_00000259C2A98230
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A261800_2_00000259C2A26180
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A502E00_2_00000259C2A502E0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2ADE2CC0_2_00000259C2ADE2CC
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A6E3200_2_00000259C2A6E320
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A8C3000_2_00000259C2A8C300
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A8D2A00_2_00000259C2A8D2A0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A8CF700_2_00000259C2A8CF70
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A6E1300_2_00000259C2A6E130
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A561300_2_00000259C2A56130
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AB70600_2_00000259C2AB7060
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AB50440_2_00000259C2AB5044
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A8F0400_2_00000259C2A8F040
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A590900_2_00000259C2A59090
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AB45F80_2_00000259C2AB45F8
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A8C6000_2_00000259C2A8C600
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A266100_2_00000259C2A26610
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A755B00_2_00000259C2A755B0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A686D00_2_00000259C2A686D0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A847100_2_00000259C2A84710
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A766A00_2_00000259C2A766A0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A906A60_2_00000259C2A906A6
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AAB68A0_2_00000259C2AAB68A
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AA43F00_2_00000259C2AA43F0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AC13C80_2_00000259C2AC13C8
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A483D00_2_00000259C2A483D0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A455200_2_00000259C2A45520
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AA05000_2_00000259C2AA0500
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A465100_2_00000259C2A46510
              Source: C:\Users\user\Desktop\ruppert.exeCode function: String function: 00000259C2A4B930 appears 32 times
              Source: C:\Users\user\Desktop\ruppert.exeCode function: String function: 00000259C2A65330 appears 70 times
              Source: C:\Users\user\Desktop\ruppert.exeCode function: String function: 00000259C2A54C00 appears 41 times
              Source: classification engineClassification label: mal92.troj.spyw.winEXE@1/0@1/2
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AA5970 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,0_2_00000259C2AA5970
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AF2008 AdjustTokenPrivileges,CredEnumerateA,0_2_00000259C2AF2008
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A5C8C0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_00000259C2A5C8C0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A8F1C7 CoCreateInstance,0_2_00000259C2A8F1C7
              Source: C:\Users\user\Desktop\ruppert.exeMutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E69638D28E841
              Source: ruppert.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\ruppert.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: windowscodecs.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: vaultcli.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
              Source: ruppert.exeStatic PE information: Image base 0x140000000 > 0x60000000
              Source: ruppert.exeStatic file information: File size 2749952 > 1048576
              Source: ruppert.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x24bc00
              Source: ruppert.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
              Source: ruppert.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
              Source: ruppert.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
              Source: ruppert.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: ruppert.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
              Source: ruppert.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
              Source: ruppert.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: ruppert.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: ruppert.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
              Source: ruppert.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
              Source: ruppert.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
              Source: ruppert.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
              Source: ruppert.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A5B820 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,0_2_00000259C2A5B820
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A9E874 push rbx; iretd 0_2_00000259C2A9E875
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A9E89C push rbx; iretd 0_2_00000259C2A9E89D
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A96480 ExitProcess,OpenMutexA,ExitProcess,CreateMutexA,CreateMutexExA,ExitProcess,ReleaseMutex,CloseHandle,0_2_00000259C2A96480
              Source: C:\Users\user\Desktop\ruppert.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AD9810 FindClose,FindFirstFileExW,GetLastError,0_2_00000259C2AD9810
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AD98C0 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,0_2_00000259C2AD98C0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AA13B0 GetLogicalDriveStringsW,0_2_00000259C2AA13B0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AB7348 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,0_2_00000259C2AB7348
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: D:\sources\migration\Jump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: D:\sources\replacementmanifests\Jump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: D:\sources\migration\wtr\Jump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\Jump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\Jump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: D:\sources\replacementmanifests\hwvid-migration-2\Jump to behavior
              Source: ruppert.exe, 00000000.00000002.1959053950.00000259C0E71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWX
              Source: ruppert.exe, 00000000.00000002.1959053950.00000259C0E0B000.00000004.00000020.00020000.00000000.sdmp, ruppert.exe, 00000000.00000002.1959053950.00000259C0E71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: C:\Users\user\Desktop\ruppert.exeAPI call chain: ExitProcess graph end nodegraph_0-65161
              Source: C:\Users\user\Desktop\ruppert.exeAPI call chain: ExitProcess graph end nodegraph_0-65166
              Source: C:\Users\user\Desktop\ruppert.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AA43F0 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,0_2_00000259C2AA43F0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2ADBB14 GetLastError,IsDebuggerPresent,OutputDebugStringW,0_2_00000259C2ADBB14
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2ADBB14 GetLastError,IsDebuggerPresent,OutputDebugStringW,0_2_00000259C2ADBB14
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A5B820 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,0_2_00000259C2A5B820
              Source: C:\Users\user\Desktop\ruppert.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AAF920 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00000259C2AAF920
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AF22D8 SetUnhandledExceptionFilter,0_2_00000259C2AF22D8
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2A951E0 ShellExecuteW,0_2_00000259C2A951E0
              Source: C:\Users\user\Desktop\ruppert.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00000259C2AC795C
              Source: C:\Users\user\Desktop\ruppert.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00000259C2AC7778
              Source: C:\Users\user\Desktop\ruppert.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00000259C2AC6F14
              Source: C:\Users\user\Desktop\ruppert.exeCode function: EnumSystemLocalesW,0_2_00000259C2ABBC68
              Source: C:\Users\user\Desktop\ruppert.exeCode function: GetLocaleInfoW,0_2_00000259C2ABC1A8
              Source: C:\Users\user\Desktop\ruppert.exeCode function: EnumSystemLocalesW,0_2_00000259C2AC7270
              Source: C:\Users\user\Desktop\ruppert.exeCode function: EnumSystemLocalesW,0_2_00000259C2AC7340
              Source: C:\Users\user\Desktop\ruppert.exeCode function: GetLocaleInfoW,0_2_00000259C2AF2398
              Source: C:\Users\user\Desktop\ruppert.exeCode function: GetLocaleInfoEx,FormatMessageA,0_2_00000259C2AD9480
              Source: C:\Users\user\Desktop\ruppert.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeKey value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyNameJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2ACDC18 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00000259C2ACDC18
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AA0110 GetUserNameW,0_2_00000259C2AA0110
              Source: C:\Users\user\Desktop\ruppert.exeCode function: 0_2_00000259C2AC114C _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00000259C2AC114C

              Stealing of Sensitive Information

              barindex
              Yara detected CredGrabber
              Source: Yara matchFile source: Process Memory Space: ruppert.exe PID: 7156, type: MEMORYSTR
              Yara detected Meduza Stealer
              Source: Yara matchFile source: 0.2.ruppert.exe.259c2a20000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.ruppert.exe.259c2a20000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.1959053950.00000259C0E0B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: ruppert.exe PID: 7156, type: MEMORYSTR
              Found many strings related to Crypto-Wallets (likely being stolen)
              Source: ruppert.exe, 00000000.00000002.1959053950.00000259C0E0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Electrum-LTC\config
              Source: ruppert.exe, 00000000.00000002.1959053950.00000259C0E0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ElectronCash\wallets
              Source: ruppert.exe, 00000000.00000002.1959053950.00000259C0E0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
              Source: ruppert.exe, 00000000.00000002.1959053950.00000259C0E0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Exodus\exodus.wallet
              Source: ruppert.exe, 00000000.00000002.1959053950.00000259C0E0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Ethereum\keystore
              Source: ruppert.exe, 00000000.00000002.1959053950.00000259C0E0B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Ethereum\keystore
              Tries to harvest and steal Bitcoin Wallet information
              Source: C:\Users\user\Desktop\ruppert.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.oldJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.logJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCKJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENTJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOGJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001Jump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
              Source: C:\Users\user\Desktop\ruppert.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
              Tries to steal Mail credentials (via file / registry access)
              Source: C:\Users\user\Desktop\ruppert.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior

              Remote Access Functionality

              barindex
              Yara detected CredGrabber
              Source: Yara matchFile source: Process Memory Space: ruppert.exe PID: 7156, type: MEMORYSTR
              Yara detected Meduza Stealer
              Source: Yara matchFile source: 0.2.ruppert.exe.259c2a20000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 0.2.ruppert.exe.259c2a20000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.1959053950.00000259C0E0B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: ruppert.exe PID: 7156, type: MEMORYSTR

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
              Native API              		1
              DLL Side-Loading              		1
              Exploitation for Privilege Escalation              		1
              Access Token Manipulation              		1
              OS Credential Dumping              		12
              System Time Discovery              		Remote Services1
              Screen Capture              		21
              Encrypted Channel              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
              Access Token Manipulation              		1
              Deobfuscate/Decode Files or Information              		LSASS Memory1
              Query Registry              		Remote Desktop Protocol1
              Email Collection              		1
              Non-Standard Port              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
              DLL Side-Loading              		2
              Obfuscated Files or Information              		Security Account Manager21
              Security Software Discovery              		SMB/Windows Admin Shares1
              Archive Collected Data              		2
              Ingress Tool Transfer              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
              DLL Side-Loading              		NTDS2
              Process Discovery              		Distributed Component Object Model2
              Data from Local System              		2
              Non-Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
              Account Discovery              		SSHKeylogging3
              Application Layer Protocol              		Scheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials1
              System Owner/User Discovery              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync1
              System Network Configuration Discovery              		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem3
              File and Directory Discovery              		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
              Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow24
              System Information Discovery              		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              No Antivirus matches

              Dropped Files

              No Antivirus matches

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              No Antivirus matches

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              api.ipify.org
              		104.26.13.205
              		truefalse
                		high

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                https://api.ipify.org/false
                  		high

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  https://api.ipify.orgruppert.exe, 00000000.00000002.1959053950.00000259C0E5C000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    104.26.13.205
                    		api.ipify.orgUnited States
                    		13335CLOUDFLARENETUSfalse
                    45.130.145.152
                    		unknownRussian Federation
                    		49392ASBAXETNRUtrue

                    General Information

                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1578539
                    Start date and time:2024-12-19 21:34:06 +01:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 3m 44s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:5
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:ruppert.exe
                    Detection:MAL
                    Classification:mal92.troj.spyw.winEXE@1/0@1/2
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 95%
                    • Number of executed functions: 71
                    • Number of non-executed functions: 115
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Stop behavior analysis, all processes terminated

                    Warnings

                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
                    • Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.63
                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing network information.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • VT rate limit hit for: ruppert.exe

                    Simulations

                    Behavior and APIs

                    No simulations

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    104.26.13.205BiXS3FRoLe.exeGet hashmaliciousTrojanRansomBrowse
                    • api.ipify.org/
                    lEUy79aLAW.exeGet hashmaliciousTrojanRansomBrowse
                    • api.ipify.org/
                    Simple1.exeGet hashmaliciousUnknownBrowse
                    • api.ipify.org/
                    2b7cu0KwZl.exeGet hashmaliciousUnknownBrowse
                    • api.ipify.org/
                    file.exeGet hashmaliciousUnknownBrowse
                    • api.ipify.org/
                    file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                    • api.ipify.org/
                    file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                    • api.ipify.org/
                    file.exeGet hashmaliciousRDPWrap ToolBrowse
                    • api.ipify.org/
                    Prismifyr-Install.exeGet hashmaliciousNode StealerBrowse
                    • api.ipify.org/
                    file.exeGet hashmaliciousLummaC, PrivateLoader, Stealc, VidarBrowse
                    • api.ipify.org/
                    45.130.145.152apilibx64.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                      venomderek.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                        siveria.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                          unique.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                            siveria.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                              chelentano.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                9RM52QaURq.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                  HZ1BUCfTne.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                    9RM52QaURq.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                      bv2DbIiZeK.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse

                                        Domains

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        api.ipify.orgDHL_231437894819.bat.exeGet hashmaliciousAgentTeslaBrowse
                                        • 104.26.13.205
                                        4089137200.exeGet hashmaliciousAgentTeslaBrowse
                                        • 172.67.74.152
                                        iviewers.dllGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                        • 104.26.12.205
                                        script.ps1Get hashmaliciousCredGrabber, Meduza StealerBrowse
                                        • 104.26.12.205
                                        script.htaGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                        • 104.26.12.205
                                        WdlA0C4PkO.exeGet hashmaliciousGo Stealer, Skuld StealerBrowse
                                        • 104.26.12.205
                                        cali.exeGet hashmaliciousAgentTeslaBrowse
                                        • 104.26.13.205
                                        Awb 4586109146.bat.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                        • 104.26.13.205
                                        PO 0309494059506060609696007.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                        • 104.26.12.205
                                        Harrisassoc_Updated_Workplace_Policies_and_Compliance_Guidelines.pdf.pdfGet hashmaliciousHTMLPhisherBrowse
                                        • 172.67.74.152

                                        ASNs

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        CLOUDFLARENETUShttps://supercrete.lk/m/ms_doc.htmlGet hashmaliciousHTMLPhisherBrowse
                                        • 104.17.25.14
                                        Employee_Letter.PDFuJPefyDW1j.urlGet hashmaliciousUnknownBrowse
                                        • 172.67.134.25
                                        file.exeGet hashmaliciousNetSupport RAT, LummaC, Amadey, LummaC StealerBrowse
                                        • 104.26.0.231
                                        bad.txtGet hashmaliciousAsyncRATBrowse
                                        • 104.21.84.67
                                        wp-cent.exeGet hashmaliciousPython BackDoorBrowse
                                        • 104.20.22.46
                                        wp-cent.exeGet hashmaliciousPython BackDoorBrowse
                                        • 104.20.22.46
                                        (Lhambright)VWAV.htmlGet hashmaliciousUnknownBrowse
                                        • 104.17.25.14
                                        https://usps.com-dscd.top/mumGet hashmaliciousUnknownBrowse
                                        • 172.67.202.68
                                        file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                        • 104.21.67.146
                                        https://ap1s.net/Dm7jHGet hashmaliciousUnknownBrowse
                                        • 172.67.73.44
                                        ASBAXETNRUSwJD3kiOwV.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                        • 194.87.47.113
                                        8dw8GAvqmM.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                        • 194.87.47.113
                                        UYJ0oreVew.exeGet hashmaliciousUnknownBrowse
                                        • 194.87.47.113
                                        L1SrJoDQvG.exeGet hashmaliciousUnknownBrowse
                                        • 194.87.47.113
                                        Ry6ot1YULB.exeGet hashmaliciousUnknownBrowse
                                        • 194.87.47.113
                                        Cc8zEnIDB2.exeGet hashmaliciousUnknownBrowse
                                        • 194.87.47.113
                                        wlEp68Few5.exeGet hashmaliciousUnknownBrowse
                                        • 194.87.47.113
                                        rJvOqHxkuI.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                        • 194.87.47.113
                                        file.exeGet hashmaliciousLummaC, Amadey, LummaC StealerBrowse
                                        • 194.87.47.113
                                        NWKk493xTy.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                        • 194.87.47.113

                                        JA3 Fingerprints

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        37f463bf4616ecd445d4a1937da06e19file.exeGet hashmaliciousScreenConnect Tool, LummaC, Amadey, Cryptbot, LummaC Stealer, VidarBrowse
                                        • 104.26.13.205
                                        2JSGOlbNym.dllGet hashmaliciousUnknownBrowse
                                        • 104.26.13.205
                                        4hSuRTwnWJ.dllGet hashmaliciousUnknownBrowse
                                        • 104.26.13.205
                                        QCTYoyX422.dllGet hashmaliciousUnknownBrowse
                                        • 104.26.13.205
                                        PURCHASE ORDER TRC-090971819130-24_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                        • 104.26.13.205
                                        PAYMENT ADVICE 750013-1012449943-81347-pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                        • 104.26.13.205
                                        INVOICE-0098.pdf ... .lnk.lnk.d.lnkGet hashmaliciousUnknownBrowse
                                        • 104.26.13.205
                                        YinLHGpoX4.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                        • 104.26.13.205
                                        F8HYX5HOgA.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                        • 104.26.13.205
                                        0iTxQouy7k.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                        • 104.26.13.205

                                        Dropped Files

                                        No context

                                        Created / dropped Files

                                        No created / dropped files found

                                        Static File Info

                                        General

                                        File type:PE32+ executable (GUI) x86-64, for MS Windows
                                        Entropy (8bit):3.8982634434194434
                                        TrID:
                                        • Win64 Executable GUI (202006/5) 92.65%
                                        • Win64 Executable (generic) (12005/4) 5.51%
                                        • Generic Win/DOS Executable (2004/3) 0.92%
                                        • DOS Executable Generic (2002/1) 0.92%
                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                        File name:ruppert.exe
                                        File size:2'749'952 bytes
                                        MD5:c3242cab034e773dad42d6fbff0b4ecf
                                        SHA1:c4b7daa973a191f9dcd6e6f637602b5683899571
                                        SHA256:fbe49c90e24fb5b6be83157db5a5415411b410c6b13fdb9ef12740a157f60481
                                        SHA512:e74a8e474f4385531387e0f51cff631a8e7c0eacb5d23021f0ac4701f356f869889472814cc5856aef776fefa8703a94578af4feec8e037d89cbe95a409027c3
                                        SSDEEP:24576:V9L8hJZ4uB+Ch0lhSMXl84BqdrZdJAxl21KPETU6D5Q:PL8hD4au/qdrZdyw1KP91
                                        TLSH:58D5F186B3A804F9E1BB9278C8D60A46E777781503519BCF03A486B22F376D35E3E751
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\7...V...V...V.......V.......V.......V......yV..S....V..S....V..S....V.. ....V..P...<V..S....V...V...V..S....V..S.a..V..S....V.

                                        File Icon

                                        Icon Hash:90cececece8e8eb0

                                        Static PE Info

                                        General

                                        Entrypoint:0x14003e230
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x140000000
                                        Subsystem:windows gui
                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                        Time Stamp:0x6762C4F4 [Wed Dec 18 12:49:56 2024 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:6
                                        OS Version Minor:0
                                        File Version Major:6
                                        File Version Minor:0
                                        Subsystem Version Major:6
                                        Subsystem Version Minor:0
                                        Import Hash:259e8414ffd4b8ab603913db518e276c

                                        Entrypoint Preview

                                        Instruction
                                        dec eax
                                        sub esp, 28h
                                        call 00007FB300C2FB4Ch
                                        dec eax
                                        add esp, 28h
                                        jmp 00007FB300C2EFBFh
                                        int3
                                        int3
                                        dec eax
                                        sub esp, 28h
                                        dec ebp
                                        mov eax, dword ptr [ecx+38h]
                                        dec eax
                                        mov ecx, edx
                                        dec ecx
                                        mov edx, ecx
                                        call 00007FB300C2F152h
                                        mov eax, 00000001h
                                        dec eax
                                        add esp, 28h
                                        ret
                                        int3
                                        int3
                                        int3
                                        inc eax
                                        push ebx
                                        inc ebp
                                        mov ebx, dword ptr [eax]
                                        dec eax
                                        mov ebx, edx
                                        inc ecx
                                        and ebx, FFFFFFF8h
                                        dec esp
                                        mov ecx, ecx
                                        inc ecx
                                        test byte ptr [eax], 00000004h
                                        dec esp
                                        mov edx, ecx
                                        je 00007FB300C2F155h
                                        inc ecx
                                        mov eax, dword ptr [eax+08h]
                                        dec ebp
                                        arpl word ptr [eax+04h], dx
                                        neg eax
                                        dec esp
                                        add edx, ecx
                                        dec eax
                                        arpl ax, cx
                                        dec esp
                                        and edx, ecx
                                        dec ecx
                                        arpl bx, ax
                                        dec edx
                                        mov edx, dword ptr [eax+edx]
                                        dec eax
                                        mov eax, dword ptr [ebx+10h]
                                        mov ecx, dword ptr [eax+08h]
                                        dec eax
                                        mov eax, dword ptr [ebx+08h]
                                        test byte ptr [ecx+eax+03h], 0000000Fh
                                        je 00007FB300C2F14Dh
                                        movzx eax, byte ptr [ecx+eax+03h]
                                        and eax, FFFFFFF0h
                                        dec esp
                                        add ecx, eax
                                        dec esp
                                        xor ecx, edx
                                        dec ecx
                                        mov ecx, ecx
                                        pop ebx
                                        jmp 00007FB300C2EB86h
                                        int3
                                        inc eax
                                        push ebx
                                        dec eax
                                        sub esp, 20h
                                        dec eax
                                        mov ebx, ecx
                                        xor ecx, ecx
                                        call dword ptr [0000FE37h]
                                        dec eax
                                        mov ecx, ebx
                                        call dword ptr [0000FE26h]
                                        call dword ptr [0000FD90h]
                                        dec eax
                                        mov ecx, eax
                                        mov edx, C0000409h
                                        dec eax
                                        add esp, 20h
                                        pop ebx
                                        dec eax
                                        jmp dword ptr [0000FE1Ch]
                                        dec eax
                                        mov dword ptr [esp+00h], ecx

                                        Rich Headers

                                        Programming Language:
                                        • [IMP] VS2008 build 21022

                                        Data Directories

                                        NameVirtual AddressVirtual Size Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x298c040x8c.rdata
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x2a30000x1e0.rsrc
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x29e0000x4038.pdata
                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x2a40000xad0.reloc
                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x290d800x38.rdata
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x290c400x140.rdata
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IAT0x4e0000x438.rdata
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                        Sections

                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                        .text0x10000x4cdc00x4ce00f0c0ea36bf296498c8b89c1a1671ba6cFalse0.5267625762195122data6.539312086987541IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                        .rdata0x4e0000x24ba3a0x24bc007fa4e16ad0e9ae511ee69b6e0f726de7unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .data0x29a0000x330c0x1800d1ebd331d3cf6c8adbb31602bd239ee4False0.1865234375data3.2382802275840623IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                        .pdata0x29e0000x40380x42008411825e2467307cedb8b6c4f15d3cdfFalse0.47123579545454547data5.575992239724539IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .rsrc0x2a30000x1e00x200fd7f3c77b3b8152760b71a549e0deae5False0.52734375data4.7113407225994175IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .reloc0x2a40000xad00xc0049c311309af6d41eb0a329b47e6c6fccFalse0.4716796875data5.228340394510781IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                        Resources

                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                        RT_MANIFEST0x2a30600x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727

                                        Imports

                                        DLLImport
                                        ntdll.dllRtlImageDirectoryEntryToData, RtlLeaveCriticalSection, RtlEnterCriticalSection, RtlCompareMemory, NtProtectVirtualMemory, RtlImageNtHeader, NtQueryVirtualMemory, RtlGetNtVersionNumbers
                                        KERNEL32.dllFreeEnvironmentStringsW, GetEnvironmentStringsW, VirtualFree, VirtualAlloc, GetModuleHandleW, LoadLibraryA, ReadFile, WriteFile, CreateFileW, CloseHandle, GetProcAddress, GetCurrentProcess, FlushInstructionCache, VirtualQuery, WriteProcessMemory, EnterCriticalSection, GetModuleFileNameW, LeaveCriticalSection, GetModuleHandleA, MultiByteToWideChar, GetWindowsDirectoryW, ExitProcess, WideCharToMultiByte, GetLastError, SetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, CreateThread, ExitThread, FreeLibrary, FreeLibraryAndExitThread, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, GetCurrentThreadId, DeleteCriticalSection, GetStdHandle, GetFileType, GetStartupInfoW, RaiseException, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, InitializeCriticalSectionAndSpinCount, GetSystemTimeAsFileTime, LoadLibraryExW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, HeapReAlloc, HeapSize, GetProcessHeap, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetStringTypeW, GetFileSizeEx, SetFilePointerEx, SetStdHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadConsoleW, WriteConsoleW, GetCurrentProcessId, InitializeSListHead, RtlUnwindEx, RtlPcToFileHeader, RtlUnwind, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, WakeAllConditionVariable, QueryPerformanceCounter, LCMapStringEx, DecodePointer, InitializeCriticalSectionEx, GetFileInformationByHandleEx, FormatMessageA, QueryPerformanceFrequency, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, TryAcquireSRWLockExclusive, Sleep, WaitForSingleObjectEx, GetExitCodeThread, LocalFree, GetLocaleInfoEx, FindClose, FindFirstFileW, FindFirstFileExW, FindNextFileW, GetFileAttributesExW, AreFileApisANSI
                                        USER32.dllLoadAcceleratorsW, LoadAcceleratorsA
                                        ADVAPI32.dllGetTokenInformation, OpenProcessToken
                                        OLEAUT32.dllSysAllocString, SafeArrayPutElement, SafeArrayUnaccessData, SafeArrayCreate, SafeArrayCreateVector, SafeArrayAccessData, SysFreeString, SafeArrayDestroy
                                        mscoree.dllCLRCreateInstance

                                        Possible Origin

                                        Language of compilation systemCountry where language is spokenMap
                                        EnglishUnited States

                                        Network Behavior

                                        Suricata IDS Alerts

                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                        2024-12-19T21:35:12.510376+01002049441ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt1192.168.2.44973045.130.145.15215666TCP
                                        2024-12-19T21:35:12.510376+01002050806ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M21192.168.2.44973045.130.145.15215666TCP
                                        2024-12-19T21:35:12.510376+01002050807ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)1192.168.2.44973045.130.145.15215666TCP
                                        2024-12-19T21:35:12.630643+01002050806ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M21192.168.2.44973045.130.145.15215666TCP
                                        2024-12-19T21:35:12.630643+01002050807ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)1192.168.2.44973045.130.145.15215666TCP

                                        Network Port Distribution

                                        TCP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        Dec 19, 2024 21:35:09.687438011 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:09.807188988 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:09.807409048 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:10.001025915 CET49731443192.168.2.4104.26.13.205
                                        Dec 19, 2024 21:35:10.001091003 CET44349731104.26.13.205192.168.2.4
                                        Dec 19, 2024 21:35:10.001178980 CET49731443192.168.2.4104.26.13.205
                                        Dec 19, 2024 21:35:10.005861044 CET49731443192.168.2.4104.26.13.205
                                        Dec 19, 2024 21:35:10.005884886 CET44349731104.26.13.205192.168.2.4
                                        Dec 19, 2024 21:35:11.230437040 CET44349731104.26.13.205192.168.2.4
                                        Dec 19, 2024 21:35:11.230510950 CET49731443192.168.2.4104.26.13.205
                                        Dec 19, 2024 21:35:11.422660112 CET49731443192.168.2.4104.26.13.205
                                        Dec 19, 2024 21:35:11.422708035 CET44349731104.26.13.205192.168.2.4
                                        Dec 19, 2024 21:35:11.423352957 CET44349731104.26.13.205192.168.2.4
                                        Dec 19, 2024 21:35:11.423412085 CET49731443192.168.2.4104.26.13.205
                                        Dec 19, 2024 21:35:11.424673080 CET49731443192.168.2.4104.26.13.205
                                        Dec 19, 2024 21:35:11.471338034 CET44349731104.26.13.205192.168.2.4
                                        Dec 19, 2024 21:35:11.757958889 CET44349731104.26.13.205192.168.2.4
                                        Dec 19, 2024 21:35:11.758028030 CET44349731104.26.13.205192.168.2.4
                                        Dec 19, 2024 21:35:11.758033991 CET49731443192.168.2.4104.26.13.205
                                        Dec 19, 2024 21:35:11.758068085 CET49731443192.168.2.4104.26.13.205
                                        Dec 19, 2024 21:35:11.758421898 CET49731443192.168.2.4104.26.13.205
                                        Dec 19, 2024 21:35:11.758445024 CET44349731104.26.13.205192.168.2.4
                                        Dec 19, 2024 21:35:12.510375977 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.630338907 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.630353928 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.630362988 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.630366087 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.630372047 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.630383968 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.630431890 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.630443096 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.630564928 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.630574942 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.630642891 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.750436068 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.750456095 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.750551939 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.750564098 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.750581980 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.750610113 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.750624895 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.750654936 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.750684977 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.750694036 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.750746965 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.750765085 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.750814915 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.794576883 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.794631958 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.869528055 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.869538069 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.869668007 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.870477915 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.870486975 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.870526075 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.870543003 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.870553970 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.870584965 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.870595932 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.870635986 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.870707035 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.870764017 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.870779037 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.870824099 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.870837927 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.870893002 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.989120960 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.989248037 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.989293098 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.989358902 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.989401102 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.989413977 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.989425898 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.989448071 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.989470959 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.989499092 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.989516020 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.989541054 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.989552975 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.989557981 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.989608049 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.989628077 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.989655018 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.989696026 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.989712954 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.989743948 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.989765882 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.989778996 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.989809036 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.989820957 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.989840031 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.989851952 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.989870071 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.989881992 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.989914894 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.989952087 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.989999056 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.990156889 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.990206957 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.990520000 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.990550995 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.990561962 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.990577936 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.990592003 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.990614891 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.990628004 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.990643024 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.990660906 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.990680933 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.990695000 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.990710020 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.990720987 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.990744114 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.990756035 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.990786076 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.990799904 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.990812063 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.990825891 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.990847111 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.990863085 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.990875959 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.990889072 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.990909100 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.990919113 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.990941048 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.990966082 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.990986109 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.991003036 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.991043091 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.991060972 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.991072893 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.991102934 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.991125107 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.991154909 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.991169930 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.991199970 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.991213083 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.991230011 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.991241932 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.991272926 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.991283894 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.991295099 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.991309881 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.991329908 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.991353989 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.991367102 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.991379976 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.991408110 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.991421938 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.991434097 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.991451979 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:12.991471052 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:12.991496086 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.109011889 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.109066010 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.109080076 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.109102011 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.109122992 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.109158993 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.109265089 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.109277964 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.109292030 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.109307051 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.109323025 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.109354973 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.109389067 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.109410048 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.109424114 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.109474897 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.109491110 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.109532118 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.109544992 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.109592915 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.109606028 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.109628916 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.109652042 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.109673977 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.109714031 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.109739065 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.109761000 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.109786987 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.109822989 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.109836102 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.109850883 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.109879971 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.109894991 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.109930992 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.109946012 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.109960079 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.109976053 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.110008955 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.110019922 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.110032082 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.110063076 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.110086918 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.110162973 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.110199928 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.110212088 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.110245943 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.110258102 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.110279083 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.110295057 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.110326052 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.110374928 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.110393047 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.110423088 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.110444069 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.110460043 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.110471964 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.110512018 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.110522032 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.110547066 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.110563993 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.110594034 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.110660076 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.110691071 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.110712051 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.110735893 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.110769987 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.110799074 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.110821962 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.110840082 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.110905886 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.110930920 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.110955000 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.110975027 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.111020088 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.111083031 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.112178087 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.112190962 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.112235069 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.112287998 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.112299919 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.112349987 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.112369061 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.112381935 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.112396955 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.112411022 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.112426996 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.112447023 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.112462044 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.112502098 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.112535954 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.112582922 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.112709999 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.112724066 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.112771988 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.112824917 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.112848043 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.112864017 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.112878084 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.112895012 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.112916946 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.112947941 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.112962008 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.112976074 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.112994909 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.113028049 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.113044977 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113058090 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113096952 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.113128901 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.113142967 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113154888 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113178015 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113195896 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.113207102 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113224030 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.113236904 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.113260984 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.113275051 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113289118 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113302946 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113334894 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.113352060 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.113368034 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113415956 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.113444090 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113456011 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113467932 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113486052 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113501072 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.113521099 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.113534927 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113545895 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.113574028 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113584995 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.113626957 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.113662958 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113713026 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.113724947 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113773108 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113782883 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.113796949 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113814116 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113827944 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.113842964 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.113864899 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113873959 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.113912106 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.113961935 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.113976002 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.114012957 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.114028931 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.114097118 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.114109039 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.114137888 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.114156961 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.114175081 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.114187002 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.114221096 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.114244938 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.114270926 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.114303112 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.114315033 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.114329100 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.114341021 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.114357948 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.114379883 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.114397049 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.114414930 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.114448071 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.114486933 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.114500046 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.114533901 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.114552975 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.228779078 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.228816032 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.228857040 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.228888035 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.228914976 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.228926897 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.228940964 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.228976011 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.228991032 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.229018927 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229032040 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229078054 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.229154110 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229166985 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229213953 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.229259968 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229273081 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229295969 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229309082 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229324102 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.229346037 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.229357958 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229378939 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.229403973 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.229414940 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229427099 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229468107 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.229491949 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229507923 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229547024 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.229573011 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.229587078 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229625940 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229636908 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.229650974 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229675055 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.229700089 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.229718924 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229731083 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229764938 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.229789019 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.229800940 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229849100 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.229875088 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229898930 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229912043 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229935884 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.229949951 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.229964018 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.229979992 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230000973 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.230011940 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230031013 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.230051041 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230058908 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.230091095 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230108023 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.230138063 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.230154991 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230175018 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230200052 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.230215073 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230222940 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.230247974 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230259895 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.230279922 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230292082 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.230307102 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230335951 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.230346918 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.230365992 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230413914 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.230444908 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230496883 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.230518103 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230530977 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230576992 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.230601072 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.230628967 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230642080 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230678082 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.230691910 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230701923 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.230739117 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.230750084 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230799913 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.230822086 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230834007 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230874062 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.230895996 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.230933905 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230946064 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230969906 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.230983019 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.230999947 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.231014013 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231025934 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.231062889 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231074095 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.231100082 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231112003 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.231127024 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231138945 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231149912 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.231168985 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.231188059 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.231201887 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231215000 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231237888 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231251001 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231292009 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.231307983 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.231344938 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231357098 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231396914 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231409073 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.231427908 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231445074 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.231479883 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231487989 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.231502056 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231534958 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.231548071 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.231564999 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231578112 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231618881 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.231672049 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231683969 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231719971 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.231755018 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.231807947 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231821060 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231862068 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.231892109 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231914043 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.231941938 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.231973886 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.231991053 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.232029915 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.232042074 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.232074976 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.232085943 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.232103109 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.232131004 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.232147932 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.232155085 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.232181072 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.232198000 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.232230902 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.232248068 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.232279062 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.232295036 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.232342958 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.233481884 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.233536959 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.233566046 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.233578920 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.233616114 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.233632088 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.233660936 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.233675957 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.233710051 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.233726025 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.233747005 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.233760118 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.233809948 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.233833075 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.233848095 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.233896971 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.233939886 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.233952045 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.233967066 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.233988047 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.234002113 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234016895 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.234049082 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.234070063 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234083891 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234126091 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.234146118 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.234163046 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234189034 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234210014 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.234236002 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.234282970 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234303951 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234329939 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.234354019 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.234452009 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234463930 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234476089 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234488010 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234498978 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.234534025 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.234635115 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234647989 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234659910 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234673023 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234702110 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.234723091 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234735966 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.234751940 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234771013 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.234814882 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.234826088 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234838963 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234850883 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234863043 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234880924 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234894991 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.234916925 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234930038 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.234954119 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.234970093 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.234987020 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.234999895 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235011101 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235023022 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235034943 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.235049963 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235064983 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.235084057 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.235100031 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235107899 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.235121965 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235146999 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.235167980 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.235186100 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235197067 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235208988 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235220909 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235234022 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235255003 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.235270977 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.235285044 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.235297918 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235327959 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235348940 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.235361099 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235375881 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.235409975 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.235452890 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235466003 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235536098 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.235557079 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235569000 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235613108 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.235649109 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235661983 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235686064 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235704899 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235714912 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.235734940 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.235760927 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.235804081 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235846043 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235857964 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.235872030 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235898972 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.235919952 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.235934973 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235946894 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235985994 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.235995054 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.236017942 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.236033916 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.236063004 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.236080885 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.236093998 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.236135960 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.236174107 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.236195087 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.236223936 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.236253023 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.236265898 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.236279011 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.236313105 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.236330986 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.236368895 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.236381054 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.236419916 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.236444950 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.236464024 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.236476898 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.236511946 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.236531973 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.236550093 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.236561060 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.236612082 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.236627102 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.236639977 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.236654043 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.236675978 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.236716032 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.236736059 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.236747980 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.236758947 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.236788988 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.236804962 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.236860037 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.236872911 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.236907959 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.236929893 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.236953974 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.236965895 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.237004995 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.237014055 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.237031937 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.237056971 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.237071991 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.237082958 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.237099886 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.237118959 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.237143993 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.237159014 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.237171888 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.237217903 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.237227917 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.237246037 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.237258911 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.237274885 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.237296104 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.237308979 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.237323046 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.237349987 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.237360954 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.237396002 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.237407923 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.237421036 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.237452984 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.237473965 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.237551928 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.237564087 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.237576008 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.237588882 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.237601995 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.237617016 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.237642050 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.237663984 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.237677097 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.237693071 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.237704992 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.237720013 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.237740993 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.237756968 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.348593950 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.348613024 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.348685980 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.348743916 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.348757982 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.348797083 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.348809958 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.348877907 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.348912001 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.348925114 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.348973036 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.349024057 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.349037886 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.349075079 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.349093914 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.349297047 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.349349022 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.349369049 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.349420071 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.349558115 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.349572897 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.349673033 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.349713087 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.349725008 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.349755049 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.349775076 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.349797010 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.349836111 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.349849939 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.349900961 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.349909067 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.349926949 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.349942923 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.349966049 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.350017071 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.350052118 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.350065947 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.350095987 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.350142002 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.350156069 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.350193024 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.350214005 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.350264072 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.350302935 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.350318909 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.350336075 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.350347042 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.350382090 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.350435972 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.350457907 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.350481987 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.350498915 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.350574017 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.350600004 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.350631952 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.350649118 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.350697994 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.350709915 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.350749969 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.350776911 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.350790977 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.350824118 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.350843906 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.350856066 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.350884914 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.350898027 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.350936890 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.350986958 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.351007938 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.351032972 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.351052999 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.351064920 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.351095915 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.351106882 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.351139069 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.351279974 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.351293087 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.351305008 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.351326942 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.351341009 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.351356030 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.351372004 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.351389885 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.351418018 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.351433039 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.351469040 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.351484060 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.351497889 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.351517916 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.351538897 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.351558924 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.351577997 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.351603985 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.351629019 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.351730108 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.351753950 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.351778030 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.351799965 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.351839066 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.351850986 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.351898909 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.351938009 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.351949930 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.351982117 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.352005005 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.352034092 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352050066 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352082968 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.352097988 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.352138042 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352155924 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352178097 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352190971 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352202892 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.352247000 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.352272034 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352300882 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352322102 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.352343082 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.352358103 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352408886 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.352430105 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352442980 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352457047 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352475882 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.352489948 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.352505922 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.352518082 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352530003 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352557898 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.352569103 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352586985 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.352602959 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352663994 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.352679014 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352690935 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352722883 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.352750063 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.352781057 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352829933 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.352874041 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352886915 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352899075 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352929115 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.352955103 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.352968931 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.352981091 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.353010893 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.353035927 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.353064060 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.353076935 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.353099108 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.353116035 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.353130102 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.353143930 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.353157997 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.353202105 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.353219032 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.353250980 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.353262901 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.353293896 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.353363037 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.353404045 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.353421926 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.353432894 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.353462934 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.353485107 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.353497028 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.353528976 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.353598118 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.353624105 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.353637934 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.353653908 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.353665113 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.353696108 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.353730917 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.353743076 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.353775024 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.353790045 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.353812933 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.353825092 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.353851080 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.353873014 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.353985071 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354008913 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354028940 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354048014 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354062080 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354074955 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354089022 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354100943 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354120970 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354129076 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354140043 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354160070 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354176044 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354187965 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354218006 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354240894 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354250908 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354264021 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354301929 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354315042 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354334116 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354353905 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354377031 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354389906 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354403973 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354417086 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354428053 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354458094 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354485989 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354497910 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354526043 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354552984 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354569912 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354600906 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354617119 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354640007 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354651928 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354665995 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354681015 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354695082 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354707003 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354732990 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354749918 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354783058 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354794025 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354810953 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354823112 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354849100 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354901075 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354916096 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354942083 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354965925 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.354983091 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.354995966 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.355012894 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.355026007 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.355045080 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.355065107 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.355081081 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.355096102 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.355108976 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.355123997 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.355144024 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.355163097 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.355180025 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.355223894 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.355329990 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.355364084 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.355384111 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.355402946 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.355415106 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.355443001 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.355521917 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.355568886 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.355700970 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.355715036 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.355753899 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.355777979 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.355807066 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.355822086 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.355851889 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.355869055 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.356004000 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.356054068 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.356112003 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.356164932 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.356221914 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.356270075 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.356489897 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.356539965 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.356595039 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.356626987 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.356640100 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.356674910 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.356817961 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.356868982 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.356985092 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.357033968 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.357124090 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.357172012 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.357199907 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.357261896 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.358464003 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.358513117 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.358545065 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.358586073 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.358629942 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.358644009 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.358674049 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.358719110 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.358747005 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.358768940 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.358783960 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.358802080 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.358820915 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.358836889 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.358869076 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.358892918 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.358906984 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.358922005 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.358947992 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.358967066 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.358985901 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.359021902 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.359056950 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.359070063 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.359110117 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.359122038 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.359164000 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.359193087 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.359239101 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.359260082 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.359307051 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.359354019 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.359415054 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.359446049 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.359491110 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.359513044 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.359540939 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.359647989 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.359661102 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.359705925 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.359786987 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.359811068 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.359824896 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.359838963 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.359853983 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.359878063 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.359930992 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.359944105 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.359973907 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.359994888 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.360022068 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.360068083 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.360084057 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.360111952 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.360131979 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.360157967 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.360187054 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.360239983 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.360256910 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.360299110 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.360354900 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.360383987 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.360404015 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.360430002 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.360450029 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.360501051 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.360528946 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.360577106 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.360621929 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.360634089 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.360656977 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.360670090 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.360687017 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.360718966 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.360779047 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.360793114 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.360826015 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.360846043 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.360929966 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.360941887 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.360965014 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.360980034 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.361004114 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.361021996 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.361089945 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.361102104 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.361139059 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.361159086 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.361181021 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.361221075 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.361238003 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.361258030 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.361270905 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.361299038 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.361315966 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.361330032 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.361356974 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.361378908 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.361421108 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.361466885 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.361547947 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.361592054 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.361629009 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.361646891 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.361679077 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.361701965 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.361726999 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.361762047 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.361778975 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.361815929 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.361826897 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.361850023 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.361880064 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.361896992 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.361918926 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.361933947 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.361949921 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.361980915 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.362009048 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.362051010 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.362145901 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.362159014 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.362206936 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.362273932 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.362286091 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.362298012 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.362309933 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.362334013 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.362375021 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.362402916 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.362415075 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.362459898 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.362492085 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.362504005 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.362531900 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.362561941 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.362587929 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.362622023 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.362665892 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.362680912 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.362726927 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.362760067 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.362807989 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.362824917 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.362869024 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.362885952 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.362931013 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.362970114 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.363018036 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.364154100 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.364295006 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.364356041 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.468491077 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.468561888 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.468600988 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.468616009 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.468637943 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.468666077 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.468684912 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.468736887 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.468761921 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.468806982 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.468868017 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.468893051 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.468913078 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.468936920 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.469084024 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.469106913 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.469132900 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.469161034 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.469181061 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.469234943 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.469350100 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.469402075 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.469552994 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.469598055 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.469613075 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.469672918 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.469701052 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.469713926 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.469743967 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.469768047 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.469779015 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.469811916 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.469919920 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.469965935 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.470004082 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470055103 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.470076084 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470118999 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.470144033 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470160007 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470189095 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.470212936 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.470237017 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470283031 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.470313072 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470343113 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470355034 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.470376015 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470388889 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.470417976 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.470477104 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470489979 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470501900 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470514059 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.470532894 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.470549107 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.470561981 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470606089 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.470623970 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470638037 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470664024 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470679045 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.470700026 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.470711946 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470726967 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470738888 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470748901 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.470766068 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.470782042 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.470808983 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470822096 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470856905 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.470870972 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.470887899 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470901012 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470930099 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.470940113 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.470961094 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470978975 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.470999002 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471028090 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471055031 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471067905 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471081972 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471093893 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471110106 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471120119 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471132994 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471160889 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471180916 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471193075 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471218109 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471240044 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471263885 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471295118 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471307039 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471339941 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471396923 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471409082 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471436024 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471450090 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471488953 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471502066 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471524954 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471551895 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471565008 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471580982 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471620083 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471647024 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471659899 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471690893 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471704006 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471728086 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471743107 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471755981 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471769094 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471782923 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471801996 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471810102 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471838951 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471863985 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471894979 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471910954 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471934080 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.471955061 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.471996069 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472014904 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472055912 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472064018 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472078085 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472095013 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472111940 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472136021 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472148895 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472188950 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472210884 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472223043 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472238064 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472253084 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472265959 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472281933 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472290993 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472305059 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472322941 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472335100 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472346067 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472369909 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472383022 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472394943 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472407103 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472424984 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472434998 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472453117 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472466946 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472493887 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472520113 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472534895 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472559929 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472579002 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472656012 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472667933 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472713947 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472738981 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472753048 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472774982 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472793102 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472811937 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472824097 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472851038 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472871065 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472892046 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.472929955 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.472969055 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.473006010 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.473036051 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.473047972 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.473074913 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.473090887 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.473139048 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.473151922 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.473182917 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.473200083 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.473368883 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.473392010 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.473408937 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.473428965 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.473437071 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.473470926 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.473603010 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.473617077 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.473644018 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.473661900 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.473680973 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.473721981 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.473757029 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.473800898 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.473820925 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.473865986 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.473884106 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.473903894 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.473933935 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.473946095 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.474041939 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.474095106 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.474116087 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.474128962 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.474148035 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.474160910 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.474174023 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.474190950 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.474262953 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.474277973 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.474314928 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.474330902 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.474349022 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.474369049 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.474399090 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.474412918 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.474493027 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.474534035 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.474541903 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.474575043 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.474597931 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.474610090 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.474634886 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.474649906 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.474679947 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.474694014 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.474720001 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.474733114 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.474817991 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.474864006 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.474884033 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.474926949 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.474945068 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.474988937 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.475014925 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.475064039 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.475112915 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.475125074 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.475156069 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.475172997 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.475207090 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.475219965 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.475248098 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.475265026 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.475394011 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.475439072 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.475477934 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.475522041 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.475539923 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.475552082 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.475584030 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.475600004 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.475617886 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.475667953 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.475687027 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.475729942 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.475811958 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.475831032 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.475853920 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.475871086 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.475888968 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.475912094 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.475929022 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.475953102 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.476028919 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.476041079 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.476079941 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.476105928 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.476141930 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.476197004 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.476222038 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.476238966 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.476269007 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.476280928 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.476330042 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.476381063 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.476412058 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.476439953 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.476450920 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.476480007 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.476588964 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.476603031 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.476614952 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.476628065 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.476646900 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.476660013 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.476671934 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.476701021 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.476717949 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.476732969 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.476756096 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.476773024 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.476893902 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.476943016 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.477030039 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.477044106 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.477067947 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.477082968 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.477096081 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.477111101 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.477134943 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.477153063 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.477179050 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.477191925 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.477216959 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.477231026 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.477310896 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.477345943 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.477358103 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.477402925 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.477423906 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.477467060 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.477488041 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.477500916 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.477526903 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.477540970 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.477555037 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.477592945 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.477610111 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.477622986 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.477650881 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.477663040 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.477770090 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.477782011 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.477813959 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.477828979 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.477848053 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.477860928 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.477885962 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.477900028 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.477981091 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.477993011 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.478038073 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.478064060 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.478080988 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.478106976 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.478121996 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.478152037 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.478188992 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.478214025 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.478225946 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.478244066 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.478255987 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.478272915 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.478290081 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.478329897 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.478379011 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.478398085 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.478439093 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.478461027 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.478498936 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.478527069 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.478557110 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.478573084 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.478595972 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.478610039 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.478650093 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.478662968 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.478677034 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.478705883 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.478722095 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.478739977 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.478785038 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.478815079 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.478832960 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.478854895 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.478873968 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.478887081 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.478900909 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.478929043 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.478944063 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.478965998 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.478986025 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479007006 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479022980 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479044914 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479084015 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479109049 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479145050 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479154110 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479180098 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479192019 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479217052 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479231119 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479254007 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479296923 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479337931 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479366064 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479378939 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479398966 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479420900 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479449034 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479475975 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479515076 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479552984 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479564905 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479577065 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479589939 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479614019 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479624987 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479639053 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479655027 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479681969 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479693890 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479724884 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479737997 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479752064 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479765892 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479779959 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479803085 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479816914 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479831934 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479860067 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479876995 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479887009 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479909897 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.479923964 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479945898 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.479965925 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480009079 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.480036974 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480048895 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480062008 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480076075 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.480092049 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.480107069 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.480132103 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480171919 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.480185986 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480197906 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480222940 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.480238914 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.480339050 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480351925 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480371952 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480384111 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480401039 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.480420113 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.480438948 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.480459929 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480473042 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480484962 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480509996 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.480521917 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.480540037 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480551958 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480565071 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480581045 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.480598927 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.480618000 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.480642080 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480654955 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480688095 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.480699062 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.480740070 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480770111 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480781078 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.480818033 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.480930090 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480942965 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.480982065 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.481053114 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.481096029 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.481117010 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.481165886 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.481442928 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.481455088 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.481467009 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.481482983 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.481499910 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.481517076 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.481534004 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.481559992 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.481574059 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.481604099 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.481617928 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.481730938 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.481745005 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.481756926 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.481769085 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.481781960 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.481797934 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.481815100 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.481827021 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.481839895 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.481856108 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.481864929 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.481883049 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.481890917 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.481904030 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.481919050 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.481930971 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.481944084 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.481969118 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.481981039 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.481995106 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482007027 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482017994 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482036114 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482044935 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482065916 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482079983 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482093096 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482105970 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482117891 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482140064 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482157946 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482171059 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482183933 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482194901 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482207060 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482219934 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482232094 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482258081 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482270956 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482284069 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482295036 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482312918 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482321024 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482333899 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482353926 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482376099 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482388020 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482402086 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482415915 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482439995 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482451916 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482465029 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482477903 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482491016 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482511997 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482522964 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482537985 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482562065 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482590914 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482604980 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482616901 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482634068 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482654095 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482682943 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482695103 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482737064 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482805014 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482816935 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482846975 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482865095 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482888937 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482902050 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482932091 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482945919 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.482985973 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.482997894 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.483030081 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.483042002 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.483072042 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.483113050 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.483138084 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.483180046 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.483192921 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.483213902 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.483237028 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.483253956 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.483283043 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.483294964 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.483330965 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.483340979 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.483375072 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.483387947 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.483407974 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.483433962 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.483449936 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.483498096 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.483514071 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.483526945 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.483539104 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.483556986 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.483573914 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.483582020 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.483620882 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.483629942 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.483647108 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.483671904 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.483695984 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.483728886 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.483776093 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.483788013 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.483817101 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.483829975 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.483856916 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.483899117 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.485964060 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.485977888 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.486011982 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.486035109 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.486057043 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.486069918 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.486124992 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.486217976 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.486229897 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.486243963 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.486257076 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.486270905 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.486285925 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.486308098 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.486329079 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.486372948 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.486392975 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.486406088 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.486426115 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.486437082 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.486454010 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.486476898 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.486488104 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.486505985 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.486519098 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.486573935 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.486588955 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.486605883 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.486644983 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.486661911 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.486690044 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.486702919 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.486749887 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.486762047 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.486773968 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.486785889 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.486843109 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.486876965 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.486888885 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.486920118 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.486932993 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487137079 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487149954 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487160921 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487178087 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487185955 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487200975 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487217903 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487229109 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487253904 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487272978 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487284899 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487297058 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487324953 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487343073 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487361908 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487375021 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487386942 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487406969 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487422943 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487447977 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487462044 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487484932 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487498045 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487509012 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487523079 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487534046 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487546921 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487565041 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487574100 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487587929 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487601995 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487618923 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487629890 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487641096 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487653017 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487670898 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487679005 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487704039 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487719059 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487735033 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487746954 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487761974 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487776041 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487788916 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487803936 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487814903 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487829924 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487852097 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487864017 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487876892 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487898111 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487912893 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487921953 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487937927 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487955093 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487967968 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.487977982 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.487993002 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.488015890 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.488029957 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.488042116 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.488055944 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.488078117 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.488094091 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.488106012 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.488118887 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.488149881 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.488162994 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.513323069 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.513344049 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.513355970 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.513370037 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.513396025 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.513438940 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.513458014 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.513504028 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.588613033 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.588637114 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.588649035 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.588665962 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.588767052 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.588851929 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.588865995 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.588915110 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.588946104 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.588958979 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.589006901 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.589050055 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.589062929 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.589117050 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.589191914 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.589205027 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.589241028 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.589265108 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.589287996 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.589301109 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.589330912 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.589351892 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.589380980 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.589394093 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.589426994 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.589447021 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.589492083 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.589538097 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.589560986 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.589587927 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.589610100 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.589620113 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.589631081 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.589648962 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.589662075 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.589675903 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.589709044 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.589735985 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.589751005 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.589766979 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.589795113 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.589812994 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.589868069 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.589920998 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.589946032 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.589957952 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.589993000 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.590009928 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.590028048 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.590040922 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.590054989 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.590070963 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.590094090 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.590224028 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.590238094 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.590286970 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.590322018 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.590372086 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.590390921 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.590404034 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.590434074 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.590450048 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.590460062 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.590507984 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.590559006 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.590573072 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.590600967 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.590617895 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.590626001 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.590667963 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.590687990 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.590734959 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.590743065 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.590785980 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.590873957 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.590920925 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.590931892 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.590981007 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.591000080 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591051102 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.591125011 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591137886 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591170073 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.591185093 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.591213942 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591228008 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591240883 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591258049 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.591276884 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.591289043 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.591309071 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591356993 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.591375113 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591387987 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591419935 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.591438055 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.591460943 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591510057 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.591535091 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591547966 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591579914 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.591594934 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.591694117 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591706991 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591720104 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591737986 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591754913 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.591785908 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.591805935 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591819048 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591830969 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591844082 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591856003 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.591871023 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.591886044 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.591900110 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591917038 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591929913 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.591943979 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.591968060 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.591979027 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.592197895 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.592211962 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.592225075 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.592242956 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.592256069 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.592266083 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.592277050 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.592293978 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.592312098 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.592319965 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.592333078 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.592354059 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.592361927 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.592376947 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.592400074 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.592417955 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.592628956 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.592643023 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.592654943 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.592667103 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.592679024 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.592694044 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.592709064 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.592721939 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.592736006 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.592747927 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.592760086 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.592772961 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.592788935 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.592812061 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.592896938 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.592909098 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.592921019 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.592933893 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.592947006 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.592964888 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.592977047 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.592988968 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.593003035 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593014956 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.593031883 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593044043 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593054056 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.593075991 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.593094110 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.593166113 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593178988 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593190908 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593203068 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593216896 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.593230963 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.593249083 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.593262911 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593276024 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593301058 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593313932 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.593334913 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593355894 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.593389034 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.593436956 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593450069 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593461990 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593487024 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.593518972 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.593554974 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593569040 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593580008 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593592882 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593606949 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.593628883 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.593647003 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.593741894 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593755007 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593766928 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593786955 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.593803883 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.593811989 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593823910 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.593837976 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593861103 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.593883991 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.593903065 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.593945980 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.594111919 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.594125032 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.594136953 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.594156027 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.594165087 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.594182014 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.594196081 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.594224930 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.594237089 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.594278097 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.594306946 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.594351053 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.594423056 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.594435930 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.594448090 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.594468117 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.594476938 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.594490051 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.594513893 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.594533920 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.594547033 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.594558954 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.594577074 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.594585896 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.594607115 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.594625950 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.594638109 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.594682932 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.594711065 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.594724894 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.594753027 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.594769001 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.594820023 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.594832897 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.594865084 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.594878912 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.594985962 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.594999075 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.595010996 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.595031023 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.595040083 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.595061064 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.595081091 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.595094919 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.595138073 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.595201969 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.595215082 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.595227003 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.595246077 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.595259905 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.595276117 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.595294952 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.595304012 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.595343113 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.595355034 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.595380068 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.595398903 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.595407963 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.595428944 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.595447063 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.595463991 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.595478058 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.595508099 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.595523119 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.595550060 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.595562935 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.595592976 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.595606089 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.595634937 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.595669985 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.595681906 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.595706940 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.595725060 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.595752001 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.595760107 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.595794916 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.595877886 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.595922947 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.596036911 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.596084118 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.596338987 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.596352100 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.596385956 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.596400023 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.596548080 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.596560001 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.596600056 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.596615076 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.596626997 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.596657038 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.596676111 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.596735954 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.596744061 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.596791983 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.596848011 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.596894979 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.596944094 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.596988916 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.597004890 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.597052097 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.597131968 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.597172976 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.597186089 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.597194910 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.597244978 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.597443104 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.597453117 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.597495079 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.597512007 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.597521067 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.597563982 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.597583055 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.597592115 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.597635984 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.597687006 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.597728968 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.597742081 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.597786903 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.597882032 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.597927094 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.597954988 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.598004103 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.598120928 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.598130941 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.598172903 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.598294973 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.598342896 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.598361969 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.598407984 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.598689079 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.598737955 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.598783970 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.598835945 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.599009991 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.599039078 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.599057913 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.599085093 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.599522114 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.599570036 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.599666119 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.599673986 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.599718094 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.599759102 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.599766970 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.599807024 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.599826097 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.599834919 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.599878073 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.600002050 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.600011110 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.600018978 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.600028038 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.600052118 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.600070000 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.600125074 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.600133896 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.600136995 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.600169897 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.600186110 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.600332022 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.600341082 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.600348949 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.600357056 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.600364923 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.600382090 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.600397110 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.600408077 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.600418091 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.600426912 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.600450993 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.600470066 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.600482941 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.600492001 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.600500107 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.600533009 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.600544930 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.601003885 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601012945 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601020098 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601023912 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601027012 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601037025 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601047993 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601058006 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.601078987 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.601094961 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.601104975 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601114988 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601121902 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601139069 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601152897 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.601164103 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.601172924 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601185083 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601191998 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.601207018 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.601222038 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.601233006 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601242065 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601248980 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601277113 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.601295948 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.601391077 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601401091 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601408958 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601418018 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601425886 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601439953 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.601454973 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.601464033 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601474047 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601481915 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.601490974 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601511002 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.601521015 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601531982 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.601538897 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601547956 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.601574898 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.601588964 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602086067 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602093935 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602102041 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602109909 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602119923 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602129936 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602143049 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602159977 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602171898 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602185011 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602195978 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602205038 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602214098 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602221966 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602231026 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602241993 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602251053 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602264881 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602271080 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602282047 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602288961 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602298021 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602308035 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602317095 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602325916 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602344990 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602356911 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602379084 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602390051 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602402925 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602411985 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602421999 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602431059 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602447987 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602459908 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602473974 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602494955 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602505922 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602519035 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602543116 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602550983 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602588892 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602636099 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602678061 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602689981 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602727890 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602757931 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602783918 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602797031 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602833033 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602881908 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602897882 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.602932930 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.602946997 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.603053093 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.603061914 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.603101969 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.603167057 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.603174925 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.603225946 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.603249073 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.603256941 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.603306055 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.603367090 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.603375912 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.603420019 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.603440046 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.603449106 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.603456020 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.603492022 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.603507996 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.603584051 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.603591919 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.603632927 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.603683949 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.603692055 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.603766918 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.603826046 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.603835106 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.603838921 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.603893042 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.603969097 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.603977919 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.603986025 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.604028940 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.604115009 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.604123116 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.604151964 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.604183912 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.604209900 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.604404926 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.604413986 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.604422092 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.604494095 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.604542017 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.604598045 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.604727030 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.604779959 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.605068922 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.605077028 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.605083942 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.605092049 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.605101109 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.605109930 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.605133057 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.605160952 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.605182886 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.605226994 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.605334997 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.605384111 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.605525017 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.605585098 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.605585098 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.605611086 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.605663061 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.605740070 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.605786085 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.605858088 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.605920076 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.605937004 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.605984926 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.606014013 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.606061935 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.606122971 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.606172085 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.606281996 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.606342077 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.606396914 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.606461048 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.606492043 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.606504917 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.606540918 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.606551886 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.606575012 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.606621981 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.606704950 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.606755972 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.606834888 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.606872082 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.606888056 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.606913090 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.607029915 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.607104063 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.607177973 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.607230902 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.607259035 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.607270956 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.607326031 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.607382059 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.607429028 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.607445955 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.607494116 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.607525110 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.607585907 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.607645988 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.607695103 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.607717991 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.607764006 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.607779980 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.607827902 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.607852936 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.607899904 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.607918978 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.607970953 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.607995987 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.608048916 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.608064890 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.608114958 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.608136892 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.608190060 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.608203888 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.608254910 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.608295918 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.608314037 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.608345985 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.608361959 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.608432055 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.608481884 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.608499050 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.608508110 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.608561039 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.608598948 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.608619928 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.608655930 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.608670950 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.608694077 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.608751059 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.608772993 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.608823061 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.608848095 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.608899117 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.608942986 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.608994007 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.609046936 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.609097004 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.609112024 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.609164953 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.609186888 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.609231949 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.609385967 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.609436035 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.609471083 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.609524965 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.609608889 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.609616995 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.609664917 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.609894991 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.609901905 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.609910965 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.609945059 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.609965086 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.609987974 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.609997034 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.610047102 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.610111952 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.610158920 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.610184908 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.610238075 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.610263109 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.610313892 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.610332012 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.610380888 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.610482931 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.610491991 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.610548019 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.610610008 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.610656977 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.610677958 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.610722065 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.610757113 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.610801935 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.610857964 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.610904932 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.610918045 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.610964060 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.610982895 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.611032009 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.611044884 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.611099005 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.611119032 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.611160040 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.611171961 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.611219883 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.611243010 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.611294031 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.611306906 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.611358881 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.611380100 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.611424923 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.611483097 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.611530066 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.611552954 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.611594915 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.611630917 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.611674070 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.611694098 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.611716986 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.611745119 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.611757994 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.611825943 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.611870050 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.611962080 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.611972094 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.612015009 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.612293005 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.612302065 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.612309933 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.612344027 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.612355947 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.612370014 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.612379074 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.612418890 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.612431049 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.612447977 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.612476110 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.612488031 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.612541914 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.612590075 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.615849018 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.615861893 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.615870953 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.615879059 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.615888119 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.615900993 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.615920067 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.615935087 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.615952015 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.615962982 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.615972996 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.615982056 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.615991116 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616002083 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616010904 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616020918 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616034031 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616039991 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616050959 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616060019 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616072893 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616077900 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616087914 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616096020 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616111994 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616123915 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616133928 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616144896 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616153002 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616162062 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616173983 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616180897 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616194010 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616200924 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616216898 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616230011 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616238117 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616246939 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616255999 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616265059 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616277933 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616290092 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616300106 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616313934 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616336107 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616347075 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616355896 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616364956 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616373062 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616381884 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616393089 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616406918 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616416931 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616425037 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616441011 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616452932 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616465092 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616476059 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616485119 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616494894 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616506100 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616518021 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616528034 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616537094 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616548061 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616554976 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616564989 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616580009 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616591930 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616599083 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616607904 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616616011 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616626978 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616636038 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616645098 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616657972 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616666079 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616677046 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616689920 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616702080 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616722107 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616731882 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616744995 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616777897 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.616801977 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.616843939 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.632819891 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.632915974 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.632962942 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.633017063 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.678208113 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.678287983 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.707951069 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.708046913 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.708084106 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.708103895 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.708204985 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.708257914 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.708312988 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.708359957 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.708477974 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.708528042 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.708544016 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.708592892 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.708612919 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.708623886 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.708679914 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.708718061 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.708728075 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.708780050 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.708807945 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.708817005 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.708867073 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.708997011 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.709080935 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.709135056 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.709197044 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.712212086 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.724260092 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.724349976 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.724360943 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.724437952 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.724530935 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.724617004 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.724700928 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.724771976 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.724817991 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.724878073 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.724888086 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.724895954 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.724906921 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.725003004 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.725028038 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.725106001 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.725138903 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.725251913 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.725317001 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.725363016 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.725372076 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.725464106 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.725513935 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.725558996 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.725614071 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.725655079 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.725703001 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.725749969 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.725800991 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.725846052 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.725908041 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.725948095 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.726001978 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.726042986 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.726059914 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.726094007 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.726102114 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.726130962 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.726140022 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.726157904 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.726188898 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.726211071 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.726217031 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.726252079 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.726252079 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.726305962 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.726306915 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.726350069 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.726402044 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.726442099 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.726447105 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.726497889 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.726500034 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.726561069 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.726567030 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.726613998 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.726663113 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.726666927 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.726696014 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.726757050 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.726758957 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.726789951 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.726841927 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.726917982 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.726947069 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.726994991 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.727005005 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.727065086 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.727092981 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.727144003 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.727241039 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.727268934 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.727355003 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.727416039 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.774269104 CET156664973045.130.145.152192.168.2.4
                                        Dec 19, 2024 21:35:13.774441957 CET4973015666192.168.2.445.130.145.152
                                        Dec 19, 2024 21:35:13.774540901 CET4973015666192.168.2.445.130.145.152

                                        DNS Queries

                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                        Dec 19, 2024 21:35:09.856362104 CET192.168.2.41.1.1.10xc11fStandard query (0)api.ipify.orgA (IP address)IN (0x0001)false

                                        DNS Answers

                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                        Dec 19, 2024 21:35:09.994642019 CET1.1.1.1192.168.2.40xc11fNo error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                                        Dec 19, 2024 21:35:09.994642019 CET1.1.1.1192.168.2.40xc11fNo error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                                        Dec 19, 2024 21:35:09.994642019 CET1.1.1.1192.168.2.40xc11fNo error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false

                                        HTTPS Proxied Packets

                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        0192.168.2.449731104.26.13.2054437156C:\Users\user\Desktop\ruppert.exe
                                        TimestampBytes transferredDirectionData
                                        2024-12-19 20:35:11 UTC100OUTGET / HTTP/1.1
                                        Accept: text/html; text/plain; */*
                                        Host: api.ipify.org
                                        Cache-Control: no-cache
                                        2024-12-19 20:35:11 UTC423INHTTP/1.1 200 OK
                                        Date: Thu, 19 Dec 2024 20:35:11 GMT
                                        Content-Type: text/plain
                                        Content-Length: 12
                                        Connection: close
                                        Vary: Origin
                                        cf-cache-status: DYNAMIC
                                        Server: cloudflare
                                        CF-RAY: 8f4a2d7d6e5a0ca2-EWR
                                        server-timing: cfL4;desc="?proto=TCP&rtt=1568&min_rtt=1560&rtt_var=601&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=738&delivery_rate=1798029&cwnd=32&unsent_bytes=0&cid=f7754fa5711365ad&ts=543&x=0"
                                        2024-12-19 20:35:11 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                        Data Ascii: 8.46.123.189


                                        Statistics

                                        CPU Usage

                                        Click to jump to process

                                        Memory Usage

                                        Click to jump to process

                                        High Level Behavior Distribution

                                        Click to dive into process behavior distribution

                                        System Behavior

                                        General

                                        Target ID:0
                                        Start time:15:35:08
                                        Start date:19/12/2024
                                        Path:C:\Users\user\Desktop\ruppert.exe
                                        Wow64 process (32bit):false
                                        Commandline:"C:\Users\user\Desktop\ruppert.exe"
                                        Imagebase:0x7ff675d80000
                                        File size:2'749'952 bytes
                                        MD5 hash:C3242CAB034E773DAD42D6FBFF0B4ECF
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000000.00000002.1959053950.00000259C0E0B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:true

                                        Disassembly

                                        Reset < >

                                          Execution Graph

                                          Execution Coverage:7.5%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:25.5%
                                          Total number of Nodes:2000
                                          Total number of Limit Nodes:52
                                          execution_graph 63774 259c2a711c0 63775 259c2a711d8 63774->63775 63776 259c2a711e4 ctype 63774->63776 63777 259c2a711f5 ctype 63776->63777 63778 259c2a7132e 63776->63778 63781 259c2aaf3fc 63776->63781 63778->63777 63780 259c2aaf3fc _fread_nolock 46 API calls 63778->63780 63780->63777 63784 259c2aaf41c 63781->63784 63783 259c2aaf414 63783->63776 63785 259c2aaf446 63784->63785 63791 259c2aaf475 63784->63791 63786 259c2aaf492 63785->63786 63787 259c2aaf455 memcpy_s 63785->63787 63785->63791 63793 259c2aaf19c 63786->63793 63808 259c2ab40cc 7 API calls _get_daylight 63787->63808 63790 259c2aaf46a 63809 259c2aafbec 42 API calls _invalid_parameter_noinfo 63790->63809 63791->63783 63796 259c2aaf1cb memcpy_s 63793->63796 63802 259c2aaf1e5 63793->63802 63794 259c2aaf1d5 63830 259c2ab40cc 7 API calls _get_daylight 63794->63830 63796->63794 63796->63802 63806 259c2aaf23a memcpy_s ctype 63796->63806 63799 259c2aaf3bd memcpy_s 63903 259c2ab40cc 7 API calls _get_daylight 63799->63903 63802->63791 63804 259c2aaf1da 63831 259c2aafbec 42 API calls _invalid_parameter_noinfo 63804->63831 63806->63799 63806->63802 63810 259c2abba50 63806->63810 63832 259c2ab40cc 7 API calls _get_daylight 63806->63832 63833 259c2aafbec 42 API calls _invalid_parameter_noinfo 63806->63833 63834 259c2ab7c1c 63806->63834 63840 259c2abd5f0 63806->63840 63808->63790 63809->63791 63811 259c2abba98 63810->63811 63812 259c2abba6d 63810->63812 63816 259c2abbad4 63811->63816 63822 259c2abba7d 63811->63822 63931 259c2abcfdc 7 API calls 2 library calls 63811->63931 63929 259c2ab40cc 7 API calls _get_daylight 63812->63929 63814 259c2abba72 63930 259c2aafbec 42 API calls _invalid_parameter_noinfo 63814->63930 63818 259c2ab7c1c _fread_nolock 42 API calls 63816->63818 63819 259c2abbae6 63818->63819 63904 259c2abd4d0 63819->63904 63821 259c2abbaf3 63821->63822 63823 259c2ab7c1c _fread_nolock 42 API calls 63821->63823 63822->63806 63824 259c2abbb28 63823->63824 63824->63822 63825 259c2ab7c1c _fread_nolock 42 API calls 63824->63825 63826 259c2abbb34 63825->63826 63826->63822 63827 259c2ab7c1c _fread_nolock 42 API calls 63826->63827 63828 259c2abbb41 63827->63828 63829 259c2ab7c1c _fread_nolock 42 API calls 63828->63829 63829->63822 63830->63804 63831->63802 63832->63806 63833->63806 63835 259c2ab7c25 63834->63835 63836 259c2ab7c35 63834->63836 63941 259c2ab40cc 7 API calls _get_daylight 63835->63941 63836->63806 63838 259c2ab7c2a 63942 259c2aafbec 42 API calls _invalid_parameter_noinfo 63838->63942 63841 259c2abd618 63840->63841 63842 259c2abd631 63840->63842 63951 259c2ab40ac 7 API calls _get_daylight 63841->63951 63844 259c2abda0b 63842->63844 63848 259c2abd67c 63842->63848 63977 259c2ab40ac 7 API calls _get_daylight 63844->63977 63845 259c2abd61d 63952 259c2ab40cc 7 API calls _get_daylight 63845->63952 63851 259c2abd685 63848->63851 63852 259c2abd626 63848->63852 63856 259c2abd6b6 63848->63856 63849 259c2abda10 63978 259c2ab40cc 7 API calls _get_daylight 63849->63978 63953 259c2ab40ac 7 API calls _get_daylight 63851->63953 63852->63806 63853 259c2abd691 63979 259c2aafbec 42 API calls _invalid_parameter_noinfo 63853->63979 63855 259c2abd68a 63954 259c2ab40cc 7 API calls _get_daylight 63855->63954 63859 259c2abd6dd 63856->63859 63860 259c2abd717 63856->63860 63861 259c2abd6ea 63856->63861 63859->63861 63869 259c2abd706 63859->63869 63958 259c2abdedc 63860->63958 63955 259c2ab40ac 7 API calls _get_daylight 63861->63955 63865 259c2abd6ef 63956 259c2ab40cc 7 API calls _get_daylight 63865->63956 63943 259c2ac7c7c 63869->63943 63871 259c2abd6f6 63957 259c2aafbec 42 API calls _invalid_parameter_noinfo 63871->63957 63873 259c2abb550 __free_lconv_num 7 API calls 63876 259c2abd739 63873->63876 63875 259c2abd859 63877 259c2abd8b7 ReadFile 63875->63877 63886 259c2abd863 _fread_nolock 63875->63886 63879 259c2abd741 63876->63879 63880 259c2abd75c 63876->63880 63881 259c2abd9d1 __std_fs_directory_iterator_open 63877->63881 63882 259c2abd8dd 63877->63882 63878 259c2abd845 GetConsoleMode 63878->63875 63969 259c2ab40cc 7 API calls _get_daylight 63879->63969 63971 259c2abdcb0 42 API calls 2 library calls 63880->63971 63889 259c2abd9dc 63881->63889 63891 259c2abd887 __std_fs_directory_iterator_open 63881->63891 63882->63881 63885 259c2abd8a6 63882->63885 63893 259c2abd916 63885->63893 63894 259c2abd93b 63885->63894 63897 259c2abd701 63885->63897 63886->63885 63886->63891 63887 259c2abb550 __free_lconv_num 7 API calls 63887->63852 63888 259c2abd746 63970 259c2ab40ac 7 API calls _get_daylight 63888->63970 63975 259c2ab40cc 7 API calls _get_daylight 63889->63975 63891->63897 63972 259c2ab4040 7 API calls 2 library calls 63891->63972 63973 259c2abd208 43 API calls 4 library calls 63893->63973 63894->63897 63898 259c2abd9bf 63894->63898 63897->63887 63974 259c2abd048 43 API calls _fread_nolock 63898->63974 63899 259c2abd9e1 63976 259c2ab40ac 7 API calls _get_daylight 63899->63976 63902 259c2abd9cc 63902->63897 63903->63804 63905 259c2abd4fa 63904->63905 63909 259c2abd52a 63904->63909 63932 259c2ab40ac 7 API calls _get_daylight 63905->63932 63907 259c2abd4ff 63933 259c2ab40cc 7 API calls _get_daylight 63907->63933 63908 259c2abd543 63934 259c2ab40ac 7 API calls _get_daylight 63908->63934 63909->63908 63912 259c2abd581 63909->63912 63914 259c2abd59f 63912->63914 63915 259c2abd58a 63912->63915 63913 259c2abd548 63935 259c2ab40cc 7 API calls _get_daylight 63913->63935 63919 259c2abd5d1 63914->63919 63920 259c2abd5bc 63914->63920 63937 259c2ab40ac 7 API calls _get_daylight 63915->63937 63918 259c2abd58f 63938 259c2ab40cc 7 API calls _get_daylight 63918->63938 63924 259c2abd5f0 _fread_nolock 46 API calls 63919->63924 63939 259c2ab40cc 7 API calls _get_daylight 63920->63939 63928 259c2abd507 63924->63928 63925 259c2abd550 63936 259c2aafbec 42 API calls _invalid_parameter_noinfo 63925->63936 63926 259c2abd5c1 63940 259c2ab40ac 7 API calls _get_daylight 63926->63940 63928->63821 63929->63814 63930->63822 63931->63816 63932->63907 63933->63928 63934->63913 63935->63925 63936->63928 63937->63918 63938->63925 63939->63926 63940->63928 63941->63838 63942->63836 63944 259c2ac7c85 63943->63944 63945 259c2ac7c92 63943->63945 63980 259c2ab40cc 7 API calls _get_daylight 63944->63980 63948 259c2abd826 63945->63948 63981 259c2ab40cc 7 API calls _get_daylight 63945->63981 63948->63875 63948->63878 63949 259c2ac7cc9 63982 259c2aafbec 42 API calls _invalid_parameter_noinfo 63949->63982 63951->63845 63952->63852 63953->63855 63954->63853 63955->63865 63956->63871 63957->63897 63959 259c2abdf27 63958->63959 63962 259c2abdeeb wcsftime 63958->63962 63986 259c2ab40cc 7 API calls _get_daylight 63959->63986 63961 259c2abd728 63964 259c2abb550 63961->63964 63962->63959 63962->63961 63983 259c2ac7f30 63962->63983 63965 259c2abb555 HeapFree 63964->63965 63966 259c2abb586 63964->63966 63965->63966 63967 259c2abb570 __std_fs_directory_iterator_open __free_lconv_num 63965->63967 63966->63873 63992 259c2ab40cc 7 API calls _get_daylight 63967->63992 63969->63888 63970->63897 63971->63869 63972->63897 63973->63897 63974->63902 63975->63899 63976->63897 63977->63849 63978->63853 63979->63852 63980->63948 63981->63949 63982->63948 63987 259c2ac7f70 63983->63987 63986->63961 63988 259c2ac7f7d 63987->63988 63991 259c2aba720 LeaveCriticalSection 63988->63991 63992->63966 63993 259c2aa0ddb RegOpenKeyExA 63994 259c2aa0e05 RegQueryValueExA 63993->63994 64000 259c2aa0e44 ISource 63993->64000 63994->64000 63996 259c2aa0ed4 RegCloseKey 63997 259c2aa0eda 63996->63997 64001 259c2accb70 63997->64001 63999 259c2aa0eed 64000->63996 64000->63997 64002 259c2accb79 64001->64002 64003 259c2accb84 64002->64003 64004 259c2accf4c IsProcessorFeaturePresent 64002->64004 64003->63999 64005 259c2accf64 64004->64005 64008 259c2acd144 RtlCaptureContext RtlLookupFunctionEntry capture_current_context 64005->64008 64007 259c2accf77 64007->63999 64008->64007 64009 259c2ab749c 64010 259c2ab74b2 64009->64010 64011 259c2ab74cd 64009->64011 64037 259c2ab40cc 7 API calls _get_daylight 64010->64037 64011->64010 64013 259c2ab74e6 64011->64013 64015 259c2ab74ec 64013->64015 64016 259c2ab7509 64013->64016 64014 259c2ab74b7 64038 259c2aafbec 42 API calls _invalid_parameter_noinfo 64014->64038 64039 259c2ab40cc 7 API calls _get_daylight 64015->64039 64033 259c2ac16e0 64016->64033 64023 259c2ab7783 64028 259c2ab75c6 64032 259c2ab74c3 64028->64032 64059 259c2ac1724 42 API calls _isindst 64028->64059 64029 259c2ab7566 64029->64032 64058 259c2ac1724 42 API calls _isindst 64029->64058 64034 259c2ab750e 64033->64034 64035 259c2ac16ef 64033->64035 64040 259c2ac07f8 64034->64040 64035->64034 64060 259c2ac1550 64035->64060 64037->64014 64038->64032 64039->64032 64041 259c2ab7523 64040->64041 64042 259c2ac0801 64040->64042 64041->64023 64046 259c2ac0828 64041->64046 64197 259c2ab40cc 7 API calls _get_daylight 64042->64197 64044 259c2ac0806 64198 259c2aafbec 42 API calls _invalid_parameter_noinfo 64044->64198 64047 259c2ab7534 64046->64047 64048 259c2ac0831 64046->64048 64047->64023 64052 259c2ac0858 64047->64052 64199 259c2ab40cc 7 API calls _get_daylight 64048->64199 64050 259c2ac0836 64200 259c2aafbec 42 API calls _invalid_parameter_noinfo 64050->64200 64053 259c2ac0861 64052->64053 64057 259c2ab7545 64052->64057 64201 259c2ab40cc 7 API calls _get_daylight 64053->64201 64055 259c2ac0866 64202 259c2aafbec 42 API calls _invalid_parameter_noinfo 64055->64202 64057->64023 64057->64028 64057->64029 64058->64032 64059->64032 64082 259c2ac9d94 64060->64082 64091 259c2ac9c9c 64082->64091 64083 259c2ac9cd3 64134 259c2ab40cc 7 API calls _get_daylight 64083->64134 64085 259c2ac9cd8 64135 259c2aafbec 42 API calls _invalid_parameter_noinfo 64085->64135 64087 259c2ac9ce4 64138 259c2aba720 LeaveCriticalSection 64087->64138 64091->64082 64091->64083 64091->64087 64136 259c2ac9c04 47 API calls wcsftime 64091->64136 64137 259c2ac62e8 42 API calls 2 library calls 64091->64137 64134->64085 64135->64087 64136->64091 64137->64091 64197->64044 64198->64041 64199->64050 64200->64047 64201->64055 64202->64057 64203 259c2a61925 64210 259c2accb98 64203->64210 64207 259c2a61951 64208 259c2accb70 _Strcoll 3 API calls 64207->64208 64209 259c2a61a33 64208->64209 64211 259c2accba3 64210->64211 64212 259c2a61937 64211->64212 64213 259c2ac7f30 std::_Facet_Register LeaveCriticalSection 64211->64213 64214 259c2accbc2 Concurrency::cancel_current_task 64211->64214 64217 259c2a5fe50 64212->64217 64213->64211 64229 259c2a4b7b0 43 API calls 2 library calls 64214->64229 64216 259c2accbd3 64219 259c2a5fe7e 64217->64219 64220 259c2a5fe9a ctype 64219->64220 64222 259c2a5feca 64219->64222 64224 259c2a5ff22 64219->64224 64228 259c2a5ff5d 64219->64228 64220->64207 64223 259c2accb98 std::_Facet_Register 43 API calls 64222->64223 64225 259c2a5fee0 64222->64225 64223->64225 64226 259c2accb98 std::_Facet_Register 43 API calls 64224->64226 64225->64220 64230 259c2a4b7b0 43 API calls 2 library calls 64225->64230 64226->64220 64231 259c2a4b870 43 API calls 64228->64231 64229->64216 64230->64228 64232 259c2a99fe0 64233 259c2a9a073 64232->64233 64290 259c2a4d6c0 64233->64290 64235 259c2a9a098 ISource 64238 259c2a9a5e7 64235->64238 64299 259c2a4e9a0 64235->64299 64237 259c2a9a146 64237->64238 64244 259c2a9a1a7 ISource 64237->64244 64391 259c2a4e0f0 44 API calls Concurrency::cancel_current_task 64238->64391 64239 259c2a9a104 memcpy_s 64239->64237 64305 259c2aa91d0 64239->64305 64241 259c2accb70 _Strcoll 3 API calls 64245 259c2a9a1d9 64241->64245 64243 259c2a9a60f 64392 259c2a4cc70 43 API calls 64243->64392 64244->64241 64246 259c2a9a229 64247 259c2a9a4d9 64246->64247 64248 259c2a9a26d 64246->64248 64390 259c2a719c0 43 API calls 64247->64390 64320 259c2aa79c0 64248->64320 64252 259c2a9a2a2 64254 259c2a9a342 64252->64254 64255 259c2a9a2bf 64252->64255 64253 259c2a9a636 Concurrency::cancel_current_task 64393 259c2a4cc70 43 API calls 64253->64393 64327 259c2aa6110 64254->64327 64255->64243 64257 259c2a9a2f1 64255->64257 64258 259c2aa5f50 44 API calls 64257->64258 64261 259c2a9a2fe 64258->64261 64260 259c2a9a356 64264 259c2a9a36d 64260->64264 64265 259c2a9a3f0 64260->64265 64262 259c2a60fb0 43 API calls 64261->64262 64263 259c2a9a31e 64262->64263 64376 259c2a70cd0 43 API calls 64263->64376 64264->64253 64269 259c2a9a39f 64264->64269 64268 259c2aa6110 43 API calls 64265->64268 64267 259c2a9a670 Concurrency::cancel_current_task 64394 259c2a4cc70 43 API calls 64267->64394 64270 259c2a9a404 64268->64270 64338 259c2aa5f50 64269->64338 64273 259c2aa6110 43 API calls 64270->64273 64272 259c2a9a3ac 64346 259c2a60fb0 64272->64346 64276 259c2a9a413 64273->64276 64378 259c2a84500 64276->64378 64278 259c2a9a6ae Concurrency::cancel_current_task 64281 259c2a9a423 64281->64267 64282 259c2a9a456 64281->64282 64283 259c2aa5f50 44 API calls 64282->64283 64284 259c2a9a463 64283->64284 64285 259c2a5fe50 43 API calls 64284->64285 64286 259c2a9a473 64285->64286 64287 259c2a60fb0 43 API calls 64286->64287 64288 259c2a9a4a2 64287->64288 64389 259c2a70cd0 43 API calls 64288->64389 64293 259c2a4d700 64290->64293 64291 259c2a4d82a 64396 259c2a54e90 64291->64396 64293->64291 64296 259c2a4d746 64293->64296 64294 259c2a4d832 64408 259c2a4cff0 64294->64408 64298 259c2a4d7aa ctype 64296->64298 64395 259c2a686f0 43 API calls 4 library calls 64296->64395 64298->64235 64300 259c2a4e9d1 64299->64300 64428 259c2ad98c0 64300->64428 64303 259c2accb70 _Strcoll 3 API calls 64304 259c2a4ea72 64303->64304 64304->64239 64465 259c2a61a70 64305->64465 64312 259c2aa92df 64489 259c2a71f80 42 API calls _Strcoll 64312->64489 64313 259c2aa9368 64319 259c2aa9318 64313->64319 64491 259c2a4cc70 43 API calls 64313->64491 64315 259c2aa92f1 64490 259c2a739f0 58 API calls 4 library calls 64315->64490 64317 259c2aa93d2 Concurrency::cancel_current_task 64319->64246 64742 259c2a60840 64320->64742 64322 259c2aa79f6 64750 259c2aaaeb0 64322->64750 64326 259c2aa7a65 64326->64252 64328 259c2aa612f 64327->64328 64337 259c2aa619d Concurrency::cancel_current_task 64327->64337 64331 259c2aa616a 64328->64331 64982 259c2aa8180 43 API calls 64328->64982 64330 259c2aa61c8 64985 259c2a64740 64330->64985 64331->64260 64333 259c2aa61db Concurrency::cancel_current_task 64335 259c2aa618f 64983 259c2aa8240 43 API calls 3 library calls 64335->64983 64984 259c2aa80c0 43 API calls 64337->64984 64341 259c2aa5f62 64338->64341 65081 259c2a72080 64338->65081 64340 259c2aa5f90 64340->64272 64341->64340 65087 259c2a4cc70 43 API calls 64341->65087 64343 259c2aa5fd6 Concurrency::cancel_current_task 64344 259c2aa6017 64343->64344 65088 259c2aaefd8 8 API calls 3 library calls 64343->65088 64344->64272 64347 259c2a60fed 64346->64347 64350 259c2a61310 64347->64350 64351 259c2a610c7 64347->64351 64352 259c2a61026 64347->64352 64370 259c2a61382 ISource 64347->64370 64348 259c2accb70 _Strcoll 3 API calls 64349 259c2a6141f 64348->64349 64377 259c2a70cd0 43 API calls 64349->64377 64353 259c2a613fa 64350->64353 64354 259c2a61333 64350->64354 64350->64370 64364 259c2a610f4 64351->64364 64369 259c2a6143d 64351->64369 65107 259c2a65f40 43 API calls 2 library calls 64351->65107 64368 259c2a61066 64352->64368 64352->64369 65105 259c2a65f40 43 API calls 2 library calls 64352->65105 65100 259c2a5e3a0 64353->65100 64359 259c2a613eb 64354->64359 64367 259c2a6133c 64354->64367 64357 259c2a61307 65116 259c2a61c60 43 API calls ISource 64357->65116 65117 259c2a61c60 43 API calls ISource 64359->65117 64374 259c2a610c2 ISource 64364->64374 65108 259c2a69d50 43 API calls 2 library calls 64364->65108 64367->64369 64367->64370 64368->64374 65106 259c2a69d50 43 API calls 2 library calls 64368->65106 65118 259c2a5e8f0 43 API calls 64369->65118 64370->64348 64371 259c2a5eec0 43 API calls 64371->64374 64373 259c2a69d50 43 API calls 64373->64374 64374->64357 64374->64371 64374->64373 65109 259c2a66000 64374->65109 65114 259c2a70000 64374->65114 64376->64244 64377->64244 64379 259c2a8453d 64378->64379 64380 259c2a8457e 64378->64380 64381 259c2a8455c 64379->64381 65122 259c2a615c0 64379->65122 65135 259c2a64670 64380->65135 64381->64281 64385 259c2a64740 43 API calls 64387 259c2a845b1 Concurrency::cancel_current_task 64385->64387 64388 259c2a845f6 64387->64388 65143 259c2ad97f0 43 API calls __std_fs_directory_iterator_open 64387->65143 64388->64281 64389->64244 64390->64237 64392->64253 64393->64267 64394->64278 64395->64298 64399 259c2a54ebe 64396->64399 64397 259c2a54fb3 64423 259c2a4b870 43 API calls 64397->64423 64399->64397 64401 259c2a54f4d 64399->64401 64402 259c2a54f74 64399->64402 64405 259c2a54eda ctype 64399->64405 64407 259c2a54f5e 64399->64407 64406 259c2accb98 std::_Facet_Register 43 API calls 64401->64406 64401->64407 64404 259c2accb98 std::_Facet_Register 43 API calls 64402->64404 64404->64405 64405->64294 64406->64407 64407->64405 64422 259c2a4b7b0 43 API calls 2 library calls 64407->64422 64420 259c2a4d00f 64408->64420 64409 259c2a4d147 64411 259c2a4d157 64409->64411 64412 259c2a4d20e 64409->64412 64410 259c2a4d11b 64410->64409 64413 259c2a4d170 64410->64413 64426 259c2a5fa70 43 API calls ctype 64411->64426 64427 259c2a615a0 43 API calls 64412->64427 64413->64411 64425 259c2a64c50 43 API calls 4 library calls 64413->64425 64416 259c2a4d105 64416->64298 64419 259c2a4d0fa 64424 259c2a4d870 43 API calls ctype 64419->64424 64420->64410 64420->64419 64422->64397 64424->64416 64425->64411 64426->64416 64431 259c2ad9902 64428->64431 64429 259c2accb70 _Strcoll 3 API calls 64432 259c2a4e9ed 64429->64432 64430 259c2ad9a1d 64460 259c2ad9c94 CreateFileW __std_fs_directory_iterator_open 64430->64460 64431->64430 64434 259c2ad9963 GetFileAttributesExW 64431->64434 64444 259c2ad990b __std_fs_directory_iterator_open 64431->64444 64432->64303 64436 259c2ad99c8 64434->64436 64437 259c2ad9977 __std_fs_directory_iterator_open 64434->64437 64435 259c2ad9a40 64438 259c2ad9a75 GetFileInformationByHandleEx 64435->64438 64439 259c2ad9b13 64435->64439 64451 259c2ad9a46 _invalid_parameter_noinfo 64435->64451 64436->64430 64436->64444 64441 259c2ad9986 FindFirstFileW 64437->64441 64437->64444 64442 259c2ad9ab5 64438->64442 64448 259c2ad9a8f _invalid_parameter_noinfo __std_fs_directory_iterator_open 64438->64448 64440 259c2ad9b2e GetFileInformationByHandleEx 64439->64440 64439->64451 64449 259c2ad9b44 _invalid_parameter_noinfo __std_fs_directory_iterator_open 64440->64449 64440->64451 64443 259c2ad99a5 FindClose 64441->64443 64441->64444 64442->64439 64445 259c2ad9ad6 GetFileInformationByHandleEx 64442->64445 64443->64436 64444->64429 64445->64439 64453 259c2ad9af2 _invalid_parameter_noinfo __std_fs_directory_iterator_open 64445->64453 64446 259c2ad9bd5 64461 259c2ab7bc4 42 API calls __std_fs_directory_iterator_open 64446->64461 64452 259c2ad9be6 64448->64452 64457 259c2ad9a5f 64448->64457 64456 259c2ad9be0 64449->64456 64449->64457 64450 259c2ad9bda 64462 259c2ab7bc4 42 API calls __std_fs_directory_iterator_open 64450->64462 64451->64444 64451->64446 64451->64457 64464 259c2ab7bc4 42 API calls __std_fs_directory_iterator_open 64452->64464 64453->64450 64453->64457 64463 259c2ab7bc4 42 API calls __std_fs_directory_iterator_open 64456->64463 64457->64444 64460->64435 64466 259c2accb98 std::_Facet_Register 43 API calls 64465->64466 64467 259c2a61ad1 64466->64467 64492 259c2ada8fc 64467->64492 64469 259c2a61ae1 64501 259c2a61dd0 64469->64501 64472 259c2a61b7b 64478 259c2a72460 64472->64478 64473 259c2a61b6e 64473->64472 64516 259c2adabc8 EnterCriticalSection FreeLibrary GetProcAddress std::_Lockit::_Lockit 64473->64516 64475 259c2a61b96 64517 259c2a4cc70 43 API calls 64475->64517 64477 259c2a61bd6 Concurrency::cancel_current_task 64529 259c2a614c0 64478->64529 64481 259c2adae38 64482 259c2adae7e 64481->64482 64484 259c2aa92d6 64482->64484 64534 259c2adc510 64482->64534 64484->64312 64484->64313 64485 259c2adaeb1 64485->64484 64551 259c2aaf7cc 42 API calls _invalid_parameter_noinfo 64485->64551 64487 259c2adaecc 64487->64484 64552 259c2aae530 64487->64552 64489->64315 64490->64319 64491->64317 64518 259c2ada29c 64492->64518 64494 259c2ada91e 64497 259c2ada962 ctype 64494->64497 64522 259c2adaaf4 43 API calls std::_Facet_Register 64494->64522 64496 259c2ada936 64523 259c2adab24 43 API calls std::locale::_Setgloballocale 64496->64523 64497->64469 64499 259c2ada941 64499->64497 64524 259c2aaefd8 8 API calls 3 library calls 64499->64524 64502 259c2ada29c std::_Lockit::_Lockit 3 API calls 64501->64502 64503 259c2a61e00 64502->64503 64504 259c2ada29c std::_Lockit::_Lockit 3 API calls 64503->64504 64506 259c2a61e25 64503->64506 64504->64506 64505 259c2a61e9d 64507 259c2accb70 _Strcoll 3 API calls 64505->64507 64506->64505 64526 259c2a4c910 61 API calls 7 library calls 64506->64526 64508 259c2a61b12 64507->64508 64508->64473 64508->64475 64510 259c2a61eaf 64511 259c2a61eb5 64510->64511 64512 259c2a61f16 64510->64512 64527 259c2ada8bc 43 API calls std::_Facet_Register 64511->64527 64528 259c2a4c450 43 API calls 2 library calls 64512->64528 64515 259c2a61f1b 64516->64472 64517->64477 64519 259c2ada2b0 64518->64519 64520 259c2ada2ab 64518->64520 64519->64494 64525 259c2aba73c EnterCriticalSection FreeLibrary GetProcAddress std::_Lockit::_Lockit 64520->64525 64522->64496 64523->64499 64524->64497 64526->64510 64527->64505 64528->64515 64530 259c2accb98 std::_Facet_Register 43 API calls 64529->64530 64531 259c2a61537 64530->64531 64532 259c2ada8fc 47 API calls 64531->64532 64533 259c2a61547 64532->64533 64533->64313 64533->64481 64535 259c2adc43c 64534->64535 64536 259c2adc462 64535->64536 64539 259c2adc495 64535->64539 64571 259c2ab40cc 7 API calls _get_daylight 64536->64571 64538 259c2adc467 64572 259c2aafbec 42 API calls _invalid_parameter_noinfo 64538->64572 64540 259c2adc4a8 64539->64540 64541 259c2adc49b 64539->64541 64560 259c2abb830 64540->64560 64573 259c2ab40cc 7 API calls _get_daylight 64541->64573 64545 259c2adc472 64545->64485 64551->64487 64553 259c2aae560 64552->64553 64706 259c2aae40c 64553->64706 64555 259c2aae579 64556 259c2aae59e 64555->64556 64712 259c2aadb64 42 API calls 2 library calls 64555->64712 64558 259c2aae5b3 64556->64558 64713 259c2aadb64 42 API calls 2 library calls 64556->64713 64558->64484 64561 259c2abb847 64560->64561 64575 259c2abb8a4 64561->64575 64563 259c2abb852 64583 259c2aba720 LeaveCriticalSection 64563->64583 64571->64538 64572->64545 64573->64545 64579 259c2abb8d5 64575->64579 64577 259c2abb931 64578 259c2abb550 __free_lconv_num 7 API calls 64577->64578 64580 259c2abb93b 64578->64580 64579->64579 64582 259c2abb95b 64579->64582 64584 259c2abbbb8 7 API calls 3 library calls 64579->64584 64580->64582 64585 259c2abc358 FreeLibrary GetProcAddress InitializeCriticalSectionAndSpinCount __crtLCMapStringW 64580->64585 64582->64563 64584->64577 64585->64582 64707 259c2aae427 64706->64707 64709 259c2aae455 64706->64709 64728 259c2aafb20 42 API calls _invalid_parameter_noinfo 64707->64728 64711 259c2aae447 64709->64711 64714 259c2aae488 64709->64714 64711->64555 64712->64556 64713->64558 64715 259c2aae4a3 64714->64715 64716 259c2aae4c8 64714->64716 64739 259c2aafb20 42 API calls _invalid_parameter_noinfo 64715->64739 64718 259c2aae4c3 64716->64718 64729 259c2aae23c 64716->64729 64718->64711 64723 259c2ab7c1c _fread_nolock 42 API calls 64724 259c2aae4ed 64723->64724 64740 259c2abb604 43 API calls _invalid_parameter_noinfo 64724->64740 64726 259c2aae4f7 64726->64718 64727 259c2abb550 __free_lconv_num 7 API calls 64726->64727 64727->64718 64728->64711 64730 259c2aae293 64729->64730 64731 259c2aae262 64729->64731 64735 259c2abb990 64730->64735 64731->64730 64732 259c2ab7c1c _fread_nolock 42 API calls 64731->64732 64733 259c2aae283 64732->64733 64741 259c2abb128 42 API calls _invalid_parameter_noinfo 64733->64741 64736 259c2abb9a4 64735->64736 64737 259c2aae4e5 64735->64737 64736->64737 64738 259c2abb550 __free_lconv_num 7 API calls 64736->64738 64737->64723 64738->64737 64739->64718 64740->64726 64741->64730 64743 259c2a60996 64742->64743 64744 259c2a60873 64742->64744 64743->64744 64745 259c2a609a3 64743->64745 64746 259c2accb70 _Strcoll 3 API calls 64744->64746 64809 259c2a65540 43 API calls 3 library calls 64745->64809 64747 259c2a608a2 64746->64747 64747->64322 64749 259c2a609c4 Concurrency::cancel_current_task 64752 259c2aaaf04 64750->64752 64810 259c2ab3fc4 64752->64810 64755 259c2aab011 64833 259c2a97f10 64755->64833 64758 259c2accb70 _Strcoll 3 API calls 64759 259c2aa7a59 64758->64759 64760 259c2aa8b70 64759->64760 64761 259c2aa8e81 64760->64761 64765 259c2aa8bbb memcpy_s 64760->64765 64922 259c2aac4d0 64761->64922 64763 259c2aa8eb4 64764 259c2aa9610 43 API calls 64763->64764 64770 259c2aa8ec0 64764->64770 64956 259c2a84f50 43 API calls 64765->64956 64767 259c2aa8c0b 64772 259c2aa9610 43 API calls 64767->64772 64768 259c2aa8e7c ISource 64771 259c2accb70 _Strcoll 3 API calls 64768->64771 64769 259c2a60840 43 API calls 64773 259c2aa907c 64769->64773 64803 259c2aa8fc8 ISource 64770->64803 64962 259c2a88950 43 API calls 4 library calls 64770->64962 64774 259c2aa910c 64771->64774 64783 259c2aa8c27 64772->64783 64775 259c2a60fb0 43 API calls 64773->64775 64774->64326 64779 259c2aa90b6 64775->64779 64777 259c2aa8e15 64782 259c2aa8e6f 64777->64782 64788 259c2a60840 43 API calls 64777->64788 64778 259c2aa8dcd 64781 259c2a60840 43 API calls 64778->64781 64779->64768 64784 259c2aa9160 64779->64784 64780 259c2aa8f33 64963 259c2a85630 43 API calls _Strcoll 64780->64963 64787 259c2aa8de8 64781->64787 64961 259c2a84d70 43 API calls ISource 64782->64961 64807 259c2aa8db4 ISource 64783->64807 64957 259c2a88950 43 API calls 4 library calls 64783->64957 64966 259c2a84110 43 API calls 64784->64966 64792 259c2a60fb0 43 API calls 64787->64792 64788->64787 64792->64782 64793 259c2aa8f42 ISource 64801 259c2aa91a7 Concurrency::cancel_current_task 64793->64801 64805 259c2aa9178 Concurrency::cancel_current_task 64793->64805 64964 259c2aceae0 8 API calls _Yarn 64793->64964 64795 259c2aa8c99 64958 259c2a85630 43 API calls _Strcoll 64795->64958 64796 259c2aa8fba 64965 259c2aceae0 8 API calls _Yarn 64796->64965 64798 259c2aa8ca9 64798->64784 64800 259c2aa8cbe ISource 64798->64800 64800->64805 64959 259c2aceae0 8 API calls _Yarn 64800->64959 64803->64769 64803->64779 64803->64784 64803->64801 64804 259c2aa8d29 64960 259c2aceae0 8 API calls _Yarn 64804->64960 64967 259c2a84110 43 API calls 64805->64967 64807->64777 64807->64778 64808 259c2aa8d37 ISource 64808->64805 64808->64807 64809->64749 64811 259c2ab81fc _Getctype 42 API calls 64810->64811 64812 259c2ab3fcd 64811->64812 64813 259c2aba488 _Getctype 42 API calls 64812->64813 64814 259c2aaafea 64813->64814 64815 259c2aa9610 64814->64815 64816 259c2aa9633 64815->64816 64820 259c2aa9680 64815->64820 64838 259c2aaabc0 64816->64838 64818 259c2aaabc0 43 API calls 64818->64820 64819 259c2aa9638 64819->64820 64821 259c2aaabc0 43 API calls 64819->64821 64820->64818 64832 259c2aa96d3 64820->64832 64822 259c2aa9647 64821->64822 64823 259c2aa965d 64822->64823 64824 259c2aaabc0 43 API calls 64822->64824 64825 259c2accb70 _Strcoll 3 API calls 64823->64825 64826 259c2aa9656 64824->64826 64827 259c2aa967a 64825->64827 64826->64820 64826->64823 64827->64755 64828 259c2aa97d8 64829 259c2accb70 _Strcoll 3 API calls 64828->64829 64831 259c2aa992b 64829->64831 64830 259c2aaabc0 43 API calls 64830->64832 64831->64755 64832->64828 64832->64830 64834 259c2a97f47 64833->64834 64835 259c2a97f1e 64833->64835 64834->64758 64835->64834 64921 259c2a4cc70 43 API calls 64835->64921 64837 259c2a97f7e Concurrency::cancel_current_task 64839 259c2aaabe3 64838->64839 64841 259c2aaabdd 64838->64841 64842 259c2aaabfa 64839->64842 64853 259c2a71370 64839->64853 64840 259c2aaac67 64840->64819 64841->64840 64872 259c2a8b010 64841->64872 64842->64841 64844 259c2aaac94 64842->64844 64884 259c2a4cc70 43 API calls 64844->64884 64846 259c2aaacd6 Concurrency::cancel_current_task 64850 259c2aaad15 64846->64850 64885 259c2a65990 43 API calls 4 library calls 64846->64885 64848 259c2aaadc0 64848->64819 64849 259c2aaabc0 43 API calls 64849->64850 64850->64848 64850->64849 64886 259c2a65990 43 API calls 4 library calls 64850->64886 64855 259c2a713ad 64853->64855 64854 259c2a713bd ISource 64856 259c2accb70 _Strcoll 3 API calls 64854->64856 64855->64854 64857 259c2a71443 64855->64857 64858 259c2a71421 64855->64858 64859 259c2a715ef 64856->64859 64861 259c2aae614 42 API calls 64857->64861 64887 259c2aae614 64858->64887 64859->64842 64866 259c2a71471 ctype 64861->64866 64863 259c2a71677 64865 259c2a716a4 64863->64865 64871 259c2a71370 43 API calls 64863->64871 64864 259c2a71591 64864->64854 64864->64863 64865->64842 64866->64864 64868 259c2aae614 42 API calls 64866->64868 64870 259c2a71627 64866->64870 64904 259c2a65990 43 API calls 4 library calls 64866->64904 64867 259c2a716bb 64867->64842 64868->64866 64870->64864 64905 259c2aaf10c 42 API calls 2 library calls 64870->64905 64871->64867 64875 259c2a8b05a 64872->64875 64882 259c2a8b08a ctype 64872->64882 64874 259c2a8b1b6 64920 259c2a4b7b0 43 API calls 2 library calls 64874->64920 64877 259c2a8b076 64875->64877 64878 259c2a8b0da 64875->64878 64875->64882 64876 259c2accb98 std::_Facet_Register 43 API calls 64876->64882 64877->64874 64877->64876 64880 259c2accb98 std::_Facet_Register 43 API calls 64878->64880 64880->64882 64881 259c2a8b1bc 64883 259c2a8b173 ISource 64882->64883 64919 259c2a5e8f0 43 API calls 64882->64919 64883->64840 64884->64846 64885->64850 64886->64850 64888 259c2aae630 64887->64888 64892 259c2aae64e 64887->64892 64912 259c2ab40cc 7 API calls _get_daylight 64888->64912 64890 259c2aae635 64913 259c2aafbec 42 API calls _invalid_parameter_noinfo 64890->64913 64895 259c2ab7c1c _fread_nolock 42 API calls 64892->64895 64897 259c2aae672 64892->64897 64893 259c2aae6e4 64914 259c2ab40cc 7 API calls _get_daylight 64893->64914 64894 259c2aae70f 64906 259c2aae5d0 64894->64906 64895->64897 64897->64893 64897->64894 64899 259c2aae6e9 64915 259c2aafbec 42 API calls _invalid_parameter_noinfo 64899->64915 64900 259c2aae640 64900->64854 64902 259c2aae6f4 64916 259c2acedc4 RtlUnwind 64902->64916 64904->64866 64905->64870 64907 259c2aae5dc 64906->64907 64911 259c2aae5ec 64906->64911 64917 259c2ab40cc 7 API calls _get_daylight 64907->64917 64909 259c2aae5e1 64918 259c2aafbec 42 API calls _invalid_parameter_noinfo 64909->64918 64911->64900 64912->64890 64913->64900 64914->64899 64915->64902 64916->64900 64917->64909 64918->64911 64920->64881 64921->64837 64923 259c2aac54d 64922->64923 64968 259c2a88950 43 API calls 4 library calls 64923->64968 64925 259c2aad182 64969 259c2a85630 43 API calls _Strcoll 64925->64969 64927 259c2aad192 64928 259c2aad1fd 64927->64928 64929 259c2aad19d 64927->64929 64971 259c2a84110 43 API calls 64928->64971 64970 259c2a4ed70 8 API calls __std_exception_destroy 64929->64970 64932 259c2aad209 Concurrency::cancel_current_task 64972 259c2a84110 43 API calls 64932->64972 64934 259c2aad226 Concurrency::cancel_current_task 64973 259c2a84110 43 API calls 64934->64973 64936 259c2aad1b1 64937 259c2accb70 _Strcoll 3 API calls 64936->64937 64939 259c2aad1e6 64937->64939 64938 259c2aad243 Concurrency::cancel_current_task 64974 259c2a8a710 43 API calls 64938->64974 64939->64763 64941 259c2aad260 Concurrency::cancel_current_task 64975 259c2a84110 43 API calls 64941->64975 64943 259c2aad27d Concurrency::cancel_current_task 64976 259c2a84110 43 API calls 64943->64976 64945 259c2aad29a Concurrency::cancel_current_task 64977 259c2a84110 43 API calls 64945->64977 64947 259c2aad2b7 Concurrency::cancel_current_task 64978 259c2a84110 43 API calls 64947->64978 64949 259c2aad2d4 Concurrency::cancel_current_task 64979 259c2a84110 43 API calls 64949->64979 64951 259c2aad2f1 Concurrency::cancel_current_task 64980 259c2a84110 43 API calls 64951->64980 64953 259c2aad30e Concurrency::cancel_current_task 64981 259c2a84110 43 API calls 64953->64981 64955 259c2aad32b Concurrency::cancel_current_task 64955->64763 64956->64767 64957->64795 64958->64798 64959->64804 64960->64808 64961->64768 64962->64780 64963->64793 64964->64796 64965->64803 64966->64805 64967->64801 64968->64925 64969->64927 64970->64936 64971->64932 64972->64934 64973->64938 64974->64941 64975->64943 64976->64945 64977->64947 64978->64949 64979->64951 64980->64953 64981->64955 64982->64335 64983->64337 64984->64330 64986 259c2a64797 64985->64986 64996 259c2a4eaa0 64986->64996 64988 259c2a647d5 65018 259c2a69c80 64988->65018 64990 259c2a647e9 ISource 64993 259c2a649a4 64990->64993 65028 259c2acea50 64990->65028 64992 259c2a64924 ISource 64992->64993 64994 259c2accb70 _Strcoll 3 API calls 64992->64994 64995 259c2a64996 64994->64995 64995->64333 64997 259c2a4eadb 64996->64997 64998 259c2a4ebd1 64997->64998 65034 259c2a651e0 64997->65034 65054 259c2a60dc0 64998->65054 65001 259c2a4ebea 65002 259c2a60dc0 43 API calls 65001->65002 65003 259c2a4ec03 65002->65003 65004 259c2a4ec10 65003->65004 65059 259c2a65990 43 API calls 4 library calls 65003->65059 65006 259c2a60dc0 43 API calls 65004->65006 65007 259c2a4ec5a 65006->65007 65008 259c2a60dc0 43 API calls 65007->65008 65009 259c2a4ec6f 65008->65009 65010 259c2a4ecb3 ISource 65009->65010 65012 259c2a4ecec 65009->65012 65011 259c2accb70 _Strcoll 3 API calls 65010->65011 65013 259c2a4ecd8 65011->65013 65060 259c2aceae0 8 API calls _Yarn 65012->65060 65013->64988 65015 259c2a4ed35 65061 259c2aceae0 8 API calls _Yarn 65015->65061 65017 259c2a4ed42 ISource 65017->64988 65019 259c2a69ce4 65018->65019 65020 259c2a69cd8 65018->65020 65022 259c2a60dc0 43 API calls 65019->65022 65021 259c2a651e0 43 API calls 65020->65021 65021->65019 65023 259c2a69d01 65022->65023 65024 259c2a60dc0 43 API calls 65023->65024 65025 259c2a69d1a 65024->65025 65026 259c2a60dc0 43 API calls 65025->65026 65027 259c2a69d33 65026->65027 65027->64990 65029 259c2acea71 65028->65029 65033 259c2aceabb 65028->65033 65030 259c2aceaa6 65029->65030 65029->65033 65079 259c2ab6fc0 42 API calls 2 library calls 65029->65079 65080 259c2aaefd8 8 API calls 3 library calls 65030->65080 65033->64992 65035 259c2a6531a 65034->65035 65040 259c2a65209 65034->65040 65062 259c2a4b870 43 API calls 65035->65062 65037 259c2a6526e 65039 259c2accb98 std::_Facet_Register 43 API calls 65037->65039 65038 259c2a6531f 65063 259c2a4b7b0 43 API calls 2 library calls 65038->65063 65046 259c2a65254 ctype 65039->65046 65040->65037 65042 259c2a6529d 65040->65042 65043 259c2a65261 65040->65043 65040->65046 65044 259c2accb98 std::_Facet_Register 43 API calls 65042->65044 65043->65037 65043->65038 65044->65046 65045 259c2a6538c 65047 259c2accb98 std::_Facet_Register 43 API calls 65045->65047 65046->65045 65048 259c2a653da 65046->65048 65049 259c2a653e5 65046->65049 65052 259c2a652e7 ISource ctype 65046->65052 65047->65052 65048->65045 65050 259c2a6541f 65048->65050 65051 259c2accb98 std::_Facet_Register 43 API calls 65049->65051 65064 259c2a4b7b0 43 API calls 2 library calls 65050->65064 65051->65052 65052->64998 65055 259c2a60e22 65054->65055 65058 259c2a60de3 ctype 65054->65058 65065 259c2a65cb0 65055->65065 65057 259c2a60e3b 65057->65001 65058->65001 65059->65004 65060->65015 65061->65017 65063->65046 65064->65052 65066 259c2a65e26 65065->65066 65068 259c2a65ce8 65065->65068 65077 259c2a4b870 43 API calls 65066->65077 65067 259c2a65d4d 65071 259c2accb98 std::_Facet_Register 43 API calls 65067->65071 65068->65067 65073 259c2a65d40 65068->65073 65074 259c2a65d7c 65068->65074 65076 259c2a65d33 ISource ctype 65068->65076 65070 259c2a65e2b 65078 259c2a4b7b0 43 API calls 2 library calls 65070->65078 65071->65076 65073->65067 65073->65070 65075 259c2accb98 std::_Facet_Register 43 API calls 65074->65075 65075->65076 65076->65057 65078->65076 65079->65030 65080->65033 65082 259c2a720ea 65081->65082 65083 259c2a7209a 65081->65083 65082->64341 65089 259c2a71e90 65083->65089 65085 259c2a720d4 65086 259c2aae530 43 API calls 65085->65086 65086->65082 65087->64343 65088->64343 65090 259c2a71eb3 65089->65090 65091 259c2a71f62 65089->65091 65090->65091 65094 259c2a71ebd 65090->65094 65092 259c2accb70 _Strcoll 3 API calls 65091->65092 65093 259c2a71f71 65092->65093 65093->65085 65097 259c2a71f01 65094->65097 65099 259c2aaec88 42 API calls _invalid_parameter_noinfo 65094->65099 65095 259c2accb70 _Strcoll 3 API calls 65096 259c2a71f1e 65095->65096 65096->65085 65097->65095 65099->65097 65101 259c2a5e3f1 65100->65101 65103 259c2a5e3bf ISource 65100->65103 65102 259c2a66000 43 API calls 65102->65103 65103->65101 65103->65102 65104 259c2a70000 43 API calls 65103->65104 65104->65103 65106->64368 65108->64364 65110 259c2a66051 65109->65110 65113 259c2a6601c ISource 65109->65113 65110->64374 65111 259c2a66000 43 API calls 65111->65113 65112 259c2a70000 43 API calls 65112->65113 65113->65110 65113->65111 65113->65112 65119 259c2a5eec0 65114->65119 65116->64350 65117->64370 65120 259c2a60fb0 43 API calls 65119->65120 65121 259c2a5eed8 65120->65121 65125 259c2a615dd ctype 65122->65125 65126 259c2a61607 65122->65126 65124 259c2a61710 65145 259c2a4b7b0 43 API calls 2 library calls 65124->65145 65125->64381 65129 259c2a61699 65126->65129 65130 259c2a61661 65126->65130 65134 259c2a61653 ctype 65126->65134 65127 259c2accb98 std::_Facet_Register 43 API calls 65127->65134 65131 259c2accb98 std::_Facet_Register 43 API calls 65129->65131 65130->65124 65130->65127 65131->65134 65132 259c2a61716 65133 259c2a616e7 ISource 65133->64381 65134->65133 65144 259c2a4b870 43 API calls 65134->65144 65136 259c2a646c0 65135->65136 65137 259c2a651e0 43 API calls 65136->65137 65138 259c2a646ee 65136->65138 65137->65138 65138->65138 65139 259c2a60dc0 43 API calls 65138->65139 65140 259c2a6470a 65139->65140 65141 259c2a60dc0 43 API calls 65140->65141 65142 259c2a64724 65141->65142 65142->64385 65143->64387 65145->65132 65146 259c2a96480 65211 259c2a99760 GetCurrentProcess OpenProcessToken 65146->65211 65149 259c2a964a4 65743 259c2a99aa0 44 API calls 2 library calls 65149->65743 65150 259c2a964ce 65216 259c2aa5970 GetCurrentProcess OpenProcessToken 65150->65216 65154 259c2a964ae 65744 259c2aa4740 71 API calls _Strcoll 65154->65744 65155 259c2aa5970 8 API calls 65157 259c2a964e6 65155->65157 65224 259c2aa1ff0 65157->65224 65158 259c2a964b7 65161 259c2a964c2 ExitProcess 65158->65161 65160 259c2a964f0 65398 259c2a96eb0 65160->65398 65161->65150 65163 259c2a96576 ISource 65164 259c2a965b4 OpenMutexA 65163->65164 65169 259c2a96746 65163->65169 65165 259c2a965f9 CreateMutexA 65164->65165 65166 259c2a965ed ExitProcess 65164->65166 65167 259c2a96629 65165->65167 65166->65165 65402 259c2a99be0 65167->65402 65171 259c2a96632 ExitProcess 65172 259c2a9663e 65171->65172 65430 259c2a5b820 LoadLibraryA 65172->65430 65190 259c2a9667a 65633 259c2a970e0 65190->65633 65212 259c2a997b8 GetTokenInformation 65211->65212 65213 259c2a997f4 65211->65213 65212->65213 65214 259c2accb70 _Strcoll 3 API calls 65213->65214 65215 259c2a964a0 65214->65215 65215->65149 65215->65150 65217 259c2aa5a46 65216->65217 65218 259c2aa59db LookupPrivilegeValueW 65216->65218 65220 259c2aa5a5a 65217->65220 65221 259c2aa5a4e CloseHandle 65217->65221 65218->65217 65219 259c2aa59fc AdjustTokenPrivileges 65218->65219 65219->65217 65222 259c2accb70 _Strcoll 3 API calls 65220->65222 65221->65220 65223 259c2a964da 65222->65223 65223->65155 65747 259c2aa0c30 GetCurrentHwProfileW 65224->65747 65228 259c2aa20f9 65229 259c2aa2143 65228->65229 66113 259c2aade34 45 API calls 65228->66113 65769 259c2aa7550 65229->65769 65231 259c2aa2153 65235 259c2aa219c 65231->65235 65237 259c2aa21cc ISource ctype 65231->65237 66114 259c2ab6cc0 65231->66114 65234 259c2aa229a ISource 65236 259c2accb70 _Strcoll 3 API calls 65234->65236 65235->65237 65238 259c2ab6cc0 42 API calls 65235->65238 65239 259c2aa22bf 65236->65239 65237->65234 65240 259c2aa22dc 65237->65240 65238->65235 65239->65160 65781 259c2aa0500 65240->65781 65251 259c2aa1ff0 143 API calls 65252 259c2aa237d 65251->65252 65833 259c2a9ff80 65252->65833 65254 259c2aa2387 65837 259c2a724f0 65254->65837 65256 259c2aa23b1 65846 259c2a5eda0 65256->65846 65258 259c2aa240b 65259 259c2a5eda0 43 API calls 65258->65259 65260 259c2aa244e 65259->65260 65261 259c2a60fb0 43 API calls 65260->65261 65262 259c2aa247e 65261->65262 65263 259c2a724f0 43 API calls 65262->65263 65264 259c2aa24a7 65263->65264 65265 259c2a5eda0 43 API calls 65264->65265 65266 259c2aa24f6 65265->65266 65267 259c2a5eda0 43 API calls 65266->65267 65268 259c2aa2545 65267->65268 65269 259c2a60fb0 43 API calls 65268->65269 65270 259c2aa2575 65269->65270 65271 259c2a724f0 43 API calls 65270->65271 65272 259c2aa259e 65271->65272 65273 259c2a5eda0 43 API calls 65272->65273 65274 259c2aa25ec 65273->65274 65275 259c2a5eda0 43 API calls 65274->65275 65276 259c2aa263b 65275->65276 65277 259c2a60fb0 43 API calls 65276->65277 65278 259c2aa266b 65277->65278 65279 259c2a724f0 43 API calls 65278->65279 65280 259c2aa2694 65279->65280 65281 259c2a5eda0 43 API calls 65280->65281 65282 259c2aa26e6 65281->65282 65283 259c2a5eda0 43 API calls 65282->65283 65284 259c2aa2735 65283->65284 65285 259c2a60fb0 43 API calls 65284->65285 65286 259c2aa2765 GlobalMemoryStatusEx 65285->65286 65287 259c2aa278e 65286->65287 65288 259c2a60fb0 43 API calls 65287->65288 65289 259c2aa27d0 65288->65289 65290 259c2a5eda0 43 API calls 65289->65290 65291 259c2aa282e 65290->65291 65292 259c2a5eda0 43 API calls 65291->65292 65293 259c2aa287e 65292->65293 65294 259c2a60fb0 43 API calls 65293->65294 65295 259c2aa28ae 65294->65295 65296 259c2a724f0 43 API calls 65295->65296 65297 259c2aa28da 65296->65297 65298 259c2a5eda0 43 API calls 65297->65298 65299 259c2aa2928 65298->65299 65300 259c2a5eda0 43 API calls 65299->65300 65301 259c2aa2977 65300->65301 65302 259c2a60fb0 43 API calls 65301->65302 65399 259c2a96ed2 65398->65399 65399->65399 65400 259c2a85760 44 API calls 65399->65400 65401 259c2a96ee6 65400->65401 65401->65163 66409 259c2a9f890 GetUserGeoID GetGeoInfoA 65402->66409 65404 259c2a724f0 43 API calls 65405 259c2a99c9f 65404->65405 65407 259c2a5eda0 43 API calls 65405->65407 65406 259c2a99c25 _Strcoll 65406->65404 65428 259c2a99e28 ISource 65406->65428 65408 259c2a99ce6 65407->65408 65410 259c2a5eda0 43 API calls 65408->65410 65409 259c2accb70 _Strcoll 3 API calls 65411 259c2a9662e 65409->65411 65412 259c2a99d23 65410->65412 65411->65171 65411->65172 65413 259c2a60fb0 43 API calls 65412->65413 65414 259c2a99d4d WSAStartup 65413->65414 65415 259c2a99d67 socket 65414->65415 65414->65428 65416 259c2a99e22 WSACleanup 65415->65416 65417 259c2a99d91 htons 65415->65417 65416->65428 65418 259c2a99ecc 65417->65418 65421 259c2a99dc4 65417->65421 66421 259c2a98e10 SHGetKnownFolderPath 65418->66421 65422 259c2a99dd9 inet_pton connect 65421->65422 65424 259c2a99e15 closesocket 65421->65424 66415 259c2aa7890 65421->66415 65422->65421 65423 259c2a99eaa 65422->65423 65423->65418 65427 259c2a615c0 43 API calls 65423->65427 65424->65416 65425 259c2a99edd ISource 65426 259c2a98e10 45 API calls 65425->65426 65429 259c2a99fc9 65425->65429 65426->65428 65427->65418 65428->65409 65428->65429 65431 259c2a5c7d9 65430->65431 65432 259c2a5b925 6 API calls 65430->65432 65433 259c2a5c7fe FreeLibrary 65431->65433 65434 259c2a5c807 65431->65434 65432->65431 65448 259c2a5bce6 ISource 65432->65448 65433->65434 65435 259c2accb70 _Strcoll 3 API calls 65434->65435 65436 259c2a5c816 65435->65436 65454 259c2a5c8c0 CreateToolhelp32Snapshot 65436->65454 65437 259c2accb98 43 API calls std::_Facet_Register 65437->65448 65438 259c2a622d0 43 API calls 65438->65448 65439 259c2a5e3a0 43 API calls 65439->65448 65440 259c2a625a0 43 API calls 65440->65448 65441 259c2a91bf0 43 API calls 65441->65448 65442 259c2a63990 43 API calls 65442->65448 65443 259c2a5eda0 43 API calls 65443->65448 65444 259c2a60fb0 43 API calls 65444->65448 65446 259c2a5c837 65449 259c2a64670 43 API calls 65446->65449 65447 259c2a60840 43 API calls 65447->65448 65448->65431 65448->65437 65448->65438 65448->65439 65448->65440 65448->65441 65448->65442 65448->65443 65448->65444 65448->65446 65448->65447 65451 259c2a5c877 Concurrency::cancel_current_task 65448->65451 66429 259c2a79100 43 API calls std::_Facet_Register 65448->66429 66430 259c2a69d50 43 API calls 2 library calls 65448->66430 65452 259c2a5c862 65449->65452 65453 259c2a64740 43 API calls 65452->65453 65453->65451 65455 259c2a5c927 memcpy_s 65454->65455 65456 259c2a5e1d0 62 API calls 65455->65456 65457 259c2a5c933 65456->65457 65458 259c2a5c93e Process32FirstW 65457->65458 65459 259c2a5cb51 65457->65459 65458->65459 65481 259c2a5c95a ISource 65458->65481 65460 259c2a5e100 43 API calls 65459->65460 65461 259c2a5cb64 65460->65461 65463 259c2a622d0 43 API calls 65461->65463 65466 259c2a5cd66 ISource _invalid_parameter_noinfo 65461->65466 65464 259c2a5cba3 65463->65464 65465 259c2a625a0 43 API calls 65464->65465 65469 259c2a5cbb8 65465->65469 65467 259c2accb70 _Strcoll 3 API calls 65466->65467 65475 259c2a5ce53 65466->65475 65468 259c2a5ce32 65467->65468 65482 259c2a5cf60 65468->65482 65470 259c2a5eda0 43 API calls 65469->65470 65473 259c2a5cc8b 65470->65473 65471 259c2a69230 43 API calls 65471->65481 65472 259c2a636b0 43 API calls 65472->65481 65476 259c2a5eda0 43 API calls 65473->65476 65477 259c2a5cd41 65476->65477 65478 259c2a60fb0 43 API calls 65477->65478 65478->65466 65480 259c2a5cb23 Process32NextW 65480->65459 65480->65481 65481->65471 65481->65472 65481->65475 65481->65480 66431 259c2a91bf0 43 API calls 2 library calls 65481->66431 66432 259c2a61cf0 61 API calls 65481->66432 66433 259c2a67060 43 API calls 2 library calls 65481->66433 65483 259c2a5cfb4 memcpy_s 65482->65483 65484 259c2a5e1d0 62 API calls 65483->65484 65485 259c2a5cfc0 65484->65485 66434 259c2aa10a0 65485->66434 65487 259c2a5d6a5 65488 259c2aa10a0 46 API calls 65487->65488 65506 259c2a5d6c6 ISource 65488->65506 65489 259c2a5d855 65491 259c2a5e100 43 API calls 65489->65491 65490 259c2a69230 43 API calls 65504 259c2a5d51d ISource 65490->65504 65492 259c2a5d86e 65491->65492 65494 259c2a622d0 43 API calls 65492->65494 65502 259c2a5da2b ISource 65492->65502 65493 259c2a69230 43 API calls 65493->65506 65495 259c2a5d89e 65494->65495 65497 259c2a625a0 43 API calls 65495->65497 65503 259c2a5d8b5 65497->65503 65499 259c2a636b0 43 API calls 65499->65506 65501 259c2a636b0 43 API calls 65501->65504 65505 259c2a5dc51 65502->65505 65509 259c2accb70 _Strcoll 3 API calls 65502->65509 65507 259c2a5eda0 43 API calls 65503->65507 65504->65487 65504->65490 65504->65501 65504->65505 66449 259c2a61cf0 61 API calls 65504->66449 66450 259c2a67060 43 API calls 2 library calls 65504->66450 65506->65489 65506->65493 65506->65499 65506->65505 66451 259c2a61cf0 61 API calls 65506->66451 66452 259c2a67060 43 API calls 2 library calls 65506->66452 65511 259c2a5d96e 65507->65511 65510 259c2a5dc30 65509->65510 65515 259c2a5dc90 65510->65515 65512 259c2a5eda0 43 API calls 65511->65512 65513 259c2a5da06 65512->65513 65514 259c2a60fb0 43 API calls 65513->65514 65514->65502 66456 259c2aa4220 GetEnvironmentStringsW 65515->66456 65517 259c2a5dce6 memcpy_s 65518 259c2a5e1d0 62 API calls 65517->65518 65531 259c2a5dd01 ISource ctype 65518->65531 65519 259c2a5de0a 65520 259c2a5e100 43 API calls 65519->65520 65521 259c2a5de17 65520->65521 65523 259c2a622d0 43 API calls 65521->65523 65525 259c2a5e006 ISource 65521->65525 65524 259c2a5de47 65523->65524 65527 259c2a625a0 43 API calls 65524->65527 65529 259c2accb70 _Strcoll 3 API calls 65525->65529 65535 259c2a5e0e3 65525->65535 65532 259c2a5de5e 65527->65532 65530 259c2a5e0c2 65529->65530 65540 259c2a5acc0 CredEnumerateA 65530->65540 65531->65519 65531->65535 66464 259c2a91d00 43 API calls 2 library calls 65531->66464 66465 259c2a69230 65531->66465 66475 259c2a61cf0 61 API calls 65531->66475 66476 259c2a67060 43 API calls 2 library calls 65531->66476 65534 259c2a5eda0 43 API calls 65532->65534 65536 259c2a5df2b 65534->65536 65537 259c2a5eda0 43 API calls 65536->65537 65538 259c2a5dfe1 65537->65538 65539 259c2a60fb0 43 API calls 65538->65539 65539->65525 65541 259c2a5b74c 65540->65541 65550 259c2a5ad30 ISource 65540->65550 65543 259c2accb70 _Strcoll 3 API calls 65541->65543 65542 259c2a5b73f CredFree 65542->65541 65544 259c2a5b75b 65543->65544 65564 259c2a80d70 65544->65564 65545 259c2a5e3a0 43 API calls 65545->65550 65546 259c2a622d0 43 API calls 65546->65550 65547 259c2a625a0 43 API calls 65547->65550 65548 259c2a63990 43 API calls 65548->65550 65549 259c2a5eda0 43 API calls 65549->65550 65550->65542 65550->65545 65550->65546 65550->65547 65550->65548 65550->65549 65551 259c2accb98 43 API calls std::_Facet_Register 65550->65551 65553 259c2a5b77c 65550->65553 65555 259c2a60840 43 API calls 65550->65555 65561 259c2a60fb0 43 API calls 65550->65561 65563 259c2a5b7bc ISource Concurrency::cancel_current_task 65550->65563 66482 259c2a79100 43 API calls std::_Facet_Register 65550->66482 66483 259c2a69d50 43 API calls 2 library calls 65550->66483 65551->65550 65557 259c2a64670 43 API calls 65553->65557 65554 259c2a63ba1 65555->65550 65556 259c2a66000 43 API calls 65556->65563 65559 259c2a5b7a7 65557->65559 65562 259c2a64740 43 API calls 65559->65562 65560 259c2a70000 43 API calls 65560->65563 65561->65550 65562->65563 65563->65554 65563->65556 65563->65560 65565 259c2a81082 65564->65565 65569 259c2a80dc5 ISource 65564->65569 65566 259c2accb70 _Strcoll 3 API calls 65565->65566 65567 259c2a8108e 65566->65567 65576 259c2a83a60 65567->65576 65568 259c2a4e9a0 49 API calls 65568->65569 65569->65565 65569->65568 65571 259c2a4d6c0 43 API calls 65569->65571 65572 259c2a810af 65569->65572 65574 259c2a810d8 65569->65574 65575 259c2a810c3 65569->65575 65571->65569 66484 259c2a4e0f0 44 API calls Concurrency::cancel_current_task 65572->66484 66485 259c2a4e0f0 44 API calls Concurrency::cancel_current_task 65575->66485 65577 259c2a83d72 65576->65577 65585 259c2a83ab5 ISource 65576->65585 65578 259c2accb70 _Strcoll 3 API calls 65577->65578 65579 259c2a83d7e 65578->65579 65588 259c2a51100 65579->65588 65580 259c2a83db3 66487 259c2a4e0f0 44 API calls Concurrency::cancel_current_task 65580->66487 65582 259c2a4d6c0 43 API calls 65582->65585 65583 259c2a4e9a0 49 API calls 65583->65585 65584 259c2a83dc8 65585->65577 65585->65580 65585->65582 65585->65583 65585->65584 65586 259c2a83d9f 65585->65586 66486 259c2a4e0f0 44 API calls Concurrency::cancel_current_task 65586->66486 66488 259c2a4f1c0 65588->66488 65591 259c2a51133 65593 259c2a511ef ISource 65591->65593 65595 259c2a513de 65591->65595 66498 259c2a502e0 110 API calls 2 library calls 65591->66498 65593->65595 66493 259c2a4f8b0 65593->66493 65594 259c2accb70 _Strcoll 3 API calls 65596 259c2a513c5 65594->65596 65600 259c2a59090 65596->65600 65597 259c2a51245 65597->65595 65599 259c2a51361 ISource 65597->65599 66499 259c2a502e0 110 API calls 2 library calls 65597->66499 65599->65594 65599->65595 65601 259c2a5a11e 65600->65601 65630 259c2a590ec ISource 65600->65630 65602 259c2accb70 _Strcoll 3 API calls 65601->65602 65603 259c2a5a12d 65602->65603 65603->65190 65604 259c2a5a173 66648 259c2a4e0f0 44 API calls Concurrency::cancel_current_task 65604->66648 65608 259c2a5a153 66647 259c2a4e0f0 44 API calls Concurrency::cancel_current_task 65608->66647 65610 259c2a5a18e 66649 259c2a615a0 43 API calls 65610->66649 65612 259c2a4d6c0 43 API calls 65612->65630 65614 259c2a4e9a0 49 API calls 65614->65630 65616 259c2a5a1e0 65617 259c2a5a1b2 66650 259c2a4e080 65617->66650 65619 259c2a60840 43 API calls 65619->65630 65620 259c2a622d0 43 API calls 65620->65630 65621 259c2a625a0 43 API calls 65621->65630 65623 259c2a5fe50 43 API calls 65623->65630 65625 259c2a5eda0 43 API calls 65625->65630 65629 259c2a724f0 43 API calls 65629->65630 65630->65601 65630->65604 65630->65608 65630->65610 65630->65612 65630->65614 65630->65616 65630->65617 65630->65619 65630->65620 65630->65621 65630->65623 65630->65625 65630->65629 65632 259c2a60fb0 43 API calls 65630->65632 66500 259c2a9a6d0 65630->66500 66556 259c2a634d0 65630->66556 66561 259c2a91ea0 CryptUnprotectData 65630->66561 66569 259c2a62100 65630->66569 66580 259c2a99830 65630->66580 66587 259c2a60a90 43 API calls 3 library calls 65630->66587 66588 259c2a4d390 65630->66588 66592 259c2a4d220 65630->66592 66605 259c2a5ecc0 65630->66605 66638 259c2a4e660 65630->66638 65632->65630 65634 259c2a97127 memcpy_s 65633->65634 65635 259c2a5e1d0 62 API calls 65634->65635 65637 259c2a97130 65635->65637 65638 259c2a97155 65637->65638 66930 259c2a97390 65637->66930 65639 259c2a5e100 43 API calls 65638->65639 65640 259c2a97162 65639->65640 65641 259c2a622d0 43 API calls 65640->65641 65651 259c2a972a9 ISource 65640->65651 65642 259c2a97194 65641->65642 65643 259c2a625a0 43 API calls 65642->65643 65647 259c2a971ac 65643->65647 65644 259c2accb70 _Strcoll 3 API calls 65645 259c2a9668c 65644->65645 65652 259c2a5a1f0 65645->65652 65646 259c2a97378 65648 259c2a5eda0 43 API calls 65647->65648 65649 259c2a97284 65648->65649 65650 259c2a60fb0 43 API calls 65649->65650 65650->65651 65651->65644 65651->65646 65653 259c2a5a340 65652->65653 65654 259c2a4d6c0 43 API calls 65653->65654 65655 259c2a5a396 ISource 65654->65655 65656 259c2a4e9a0 49 API calls 65655->65656 65657 259c2a5ac73 65655->65657 65743->65154 65744->65158 65748 259c2aa0c7a 65747->65748 65750 259c2aa0cd9 65747->65750 66123 259c2a91bf0 43 API calls 2 library calls 65748->66123 65751 259c2accb70 _Strcoll 3 API calls 65750->65751 65752 259c2aa0d51 65751->65752 65755 259c2aa0250 65752->65755 65754 259c2aa0c89 65754->65750 66124 259c2aade34 45 API calls 65754->66124 66125 259c2a99920 65755->66125 65759 259c2aa02f3 ISource memcpy_s 65760 259c2aa0341 65759->65760 65763 259c2aa0417 65759->65763 66136 259c2a92490 62 API calls 65759->66136 65761 259c2accb70 _Strcoll 3 API calls 65760->65761 65762 259c2aa03fe 65761->65762 65762->65228 65765 259c2aa037d 66137 259c2a925f0 61 API calls 2 library calls 65765->66137 65767 259c2aa03a4 66138 259c2a5e100 65767->66138 65770 259c2aa7698 65769->65770 65773 259c2aa7599 65769->65773 66166 259c2a4b870 43 API calls 65770->66166 65774 259c2aa75d8 65773->65774 65776 259c2aa7636 65773->65776 65777 259c2aa75fa ctype 65773->65777 65775 259c2accb98 std::_Facet_Register 43 API calls 65774->65775 65778 259c2aa75f1 65774->65778 65775->65778 65779 259c2accb98 std::_Facet_Register 43 API calls 65776->65779 65777->65231 65778->65777 66165 259c2a4b7b0 43 API calls 2 library calls 65778->66165 65779->65777 65782 259c2aa0559 memcpy_s 65781->65782 65783 259c2accb98 std::_Facet_Register 43 API calls 65782->65783 65784 259c2aa05c3 65783->65784 65785 259c2aa0608 EnumDisplayDevicesW 65784->65785 65787 259c2aa0625 ISource 65785->65787 65791 259c2aa06c9 65785->65791 65792 259c2aa0691 EnumDisplayDevicesW 65787->65792 65795 259c2aa080f 65787->65795 66167 259c2a91bf0 43 API calls 2 library calls 65787->66167 66168 259c2aa7d70 43 API calls 2 library calls 65787->66168 65788 259c2aa06d1 65790 259c2accb70 _Strcoll 3 API calls 65788->65790 65794 259c2aa07ee 65790->65794 65791->65788 65793 259c2a60dc0 43 API calls 65791->65793 65792->65787 65792->65791 65793->65791 65796 259c2aa0420 RegGetValueA 65794->65796 65797 259c2aa049d 65796->65797 65798 259c2accb70 _Strcoll 3 API calls 65797->65798 65799 259c2aa04df 65798->65799 65800 259c2aa0820 65799->65800 65801 259c2aa08af 65800->65801 65804 259c2aa08c0 ISource 65800->65804 65802 259c2a651e0 43 API calls 65801->65802 65802->65804 65803 259c2a60dc0 43 API calls 65803->65804 65804->65803 65805 259c2aa099e 65804->65805 65809 259c2aa0c0b 65804->65809 66169 259c2adb3c4 GetNativeSystemInfo 65805->66169 65807 259c2aa09a3 66170 259c2a85760 65807->66170 65810 259c2aa0a44 65811 259c2a60dc0 43 API calls 65810->65811 65812 259c2aa0a8e 65811->65812 65813 259c2a60dc0 43 API calls 65812->65813 65815 259c2aa0ae8 ISource 65813->65815 65814 259c2accb70 _Strcoll 3 API calls 65816 259c2aa0bee 65814->65816 65815->65809 65815->65814 65817 259c2aa0110 65816->65817 66176 259c2acd830 65817->66176 65820 259c2aa015f 66178 259c2a91bf0 43 API calls 2 library calls 65820->66178 65821 259c2aa016c 65823 259c2accb70 _Strcoll 3 API calls 65821->65823 65824 259c2aa019e 65823->65824 65825 259c2aa01b0 65824->65825 65826 259c2acd830 _Strcoll 65825->65826 65827 259c2aa01c0 GetComputerNameW 65826->65827 65828 259c2aa01ff 65827->65828 65830 259c2aa020c 65827->65830 66179 259c2a91bf0 43 API calls 2 library calls 65828->66179 65831 259c2accb70 _Strcoll 3 API calls 65830->65831 65832 259c2aa023e 65831->65832 65832->65251 65834 259c2aa0080 65833->65834 66180 259c2a9f200 65834->66180 65836 259c2aa00a4 ISource 65836->65254 65838 259c2a60fb0 43 API calls 65837->65838 65839 259c2a72523 65838->65839 65840 259c2accb98 std::_Facet_Register 43 API calls 65839->65840 65841 259c2a72538 65840->65841 65842 259c2a5fe50 43 API calls 65841->65842 65843 259c2a72555 65842->65843 65844 259c2accb70 _Strcoll 3 API calls 65843->65844 65845 259c2a7256e 65844->65845 65845->65256 65847 259c2a5edd7 65846->65847 65848 259c2a5eddf 65846->65848 66222 259c2a64b00 43 API calls 2 library calls 65847->66222 65850 259c2a5ee74 65848->65850 66212 259c2a649c0 65848->66212 66223 259c2a64b90 43 API calls 65850->66223 65852 259c2a5edfd 65852->65850 65855 259c2a5ee30 ISource 65852->65855 65854 259c2a5ee96 65857 259c2a64740 43 API calls 65854->65857 65856 259c2accb70 _Strcoll 3 API calls 65855->65856 65858 259c2a5ee5f 65856->65858 65859 259c2a5eea9 Concurrency::cancel_current_task 65857->65859 65858->65258 66113->65228 66115 259c2ab6cfa 66114->66115 66120 259c2ab6cd9 66114->66120 66116 259c2ab81fc _Getctype 42 API calls 66115->66116 66117 259c2ab6cff 66116->66117 66118 259c2aba488 _Getctype 42 API calls 66117->66118 66119 259c2ab6d18 66118->66119 66119->66120 66408 259c2abddc0 42 API calls 3 library calls 66119->66408 66120->65231 66122 259c2ab6d4e 66122->65231 66123->65754 66124->65754 66142 259c2a97d40 66125->66142 66127 259c2a99a82 66160 259c2a97b50 43 API calls Concurrency::cancel_current_task 66127->66160 66130 259c2a9996d 66130->66127 66148 259c2a54c00 66130->66148 66132 259c2a999de 66132->66127 66133 259c2a99a47 ISource 66132->66133 66134 259c2accb70 _Strcoll 3 API calls 66133->66134 66135 259c2a99a6c GetVolumeInformationW 66134->66135 66135->65759 66136->65765 66137->65767 66139 259c2a5e148 66138->66139 66140 259c2a5e1ac 66139->66140 66141 259c2a615c0 43 API calls 66139->66141 66140->65760 66141->66140 66143 259c2a97dbf 66142->66143 66145 259c2a97da0 __std_fs_get_current_path 66142->66145 66143->66145 66161 259c2a657d0 43 API calls 4 library calls 66143->66161 66147 259c2a97ed5 66145->66147 66162 259c2a657d0 43 API calls 4 library calls 66145->66162 66147->66130 66149 259c2a54d24 66148->66149 66152 259c2a54c26 66148->66152 66164 259c2a4b870 43 API calls 66149->66164 66151 259c2a54d1f 66163 259c2a4b7b0 43 API calls 2 library calls 66151->66163 66152->66151 66154 259c2a54c8a 66152->66154 66155 259c2a54ce2 66152->66155 66159 259c2a54c31 ctype 66152->66159 66154->66151 66157 259c2a54c97 66154->66157 66156 259c2accb98 std::_Facet_Register 43 API calls 66155->66156 66156->66159 66158 259c2accb98 std::_Facet_Register 43 API calls 66157->66158 66158->66159 66159->66132 66161->66145 66162->66145 66163->66149 66165->65770 66167->65787 66168->65787 66169->65807 66171 259c2a85825 66170->66171 66174 259c2a85790 ctype 66170->66174 66175 259c2a89b20 44 API calls 4 library calls 66171->66175 66173 259c2a8583a 66173->65810 66174->65810 66175->66173 66177 259c2aa0120 GetUserNameW 66176->66177 66177->65820 66177->65821 66178->65821 66179->65830 66181 259c2a9f3a0 66180->66181 66181->66181 66182 259c2a9f3b7 InternetOpenA 66181->66182 66183 259c2a9f475 InternetOpenUrlA 66182->66183 66195 259c2a9f3e2 66182->66195 66185 259c2a9f4e9 HttpQueryInfoW 66183->66185 66183->66195 66187 259c2a9f516 66185->66187 66188 259c2a9f54f HttpQueryInfoW 66185->66188 66186 259c2accb70 _Strcoll 3 API calls 66191 259c2a9f45a 66186->66191 66187->66188 66189 259c2a9f5d8 InternetQueryDataAvailable 66188->66189 66190 259c2a9f5ac 66188->66190 66193 259c2a9f7d3 InternetCloseHandle 66189->66193 66199 259c2a9f5f4 66189->66199 66210 259c2ab3f10 42 API calls 2 library calls 66190->66210 66191->65836 66193->66195 66194 259c2a9f5bd 66194->66189 66197 259c2a651e0 43 API calls 66194->66197 66196 259c2a9f86f 66195->66196 66206 259c2a9f436 ISource 66195->66206 66211 259c2a4b7b0 43 API calls 2 library calls 66196->66211 66201 259c2a9f5ce 66197->66201 66199->66193 66199->66196 66200 259c2a9f699 InternetReadFile 66199->66200 66204 259c2a9f64e ISource memcpy_s ctype 66199->66204 66207 259c2accb98 std::_Facet_Register 43 API calls 66199->66207 66202 259c2a9f78d ISource 66200->66202 66200->66204 66201->66189 66202->66193 66202->66196 66203 259c2a9f880 66204->66196 66204->66199 66204->66200 66204->66202 66205 259c2accb98 std::_Facet_Register 43 API calls 66204->66205 66208 259c2a65cb0 43 API calls 66204->66208 66209 259c2a9f766 InternetQueryDataAvailable 66204->66209 66205->66204 66206->66186 66207->66199 66208->66204 66209->66193 66209->66204 66210->66194 66211->66203 66213 259c2a649e6 66212->66213 66214 259c2a64a2c 66213->66214 66215 259c2a64af3 66213->66215 66221 259c2a64a9f 66213->66221 66216 259c2accb98 std::_Facet_Register 43 API calls 66214->66216 66224 259c2a4b890 43 API calls 66215->66224 66218 259c2a64a4a 66216->66218 66220 259c2a60840 43 API calls 66218->66220 66220->66221 66221->65852 66222->65848 66223->65854 66408->66122 66410 259c2a5fc80 43 API calls 66409->66410 66411 259c2a9f905 GetGeoInfoA 66410->66411 66413 259c2a5fc80 43 API calls 66411->66413 66414 259c2a9f938 66413->66414 66414->65406 66416 259c2aa78ac 66415->66416 66417 259c2ab6cc0 42 API calls 66416->66417 66419 259c2aa78db ctype 66416->66419 66417->66416 66418 259c2ab6cc0 42 API calls 66418->66419 66419->66418 66420 259c2aa795a ctype 66419->66420 66420->65421 66422 259c2a98f25 CoTaskMemFree 66421->66422 66423 259c2a98e77 66421->66423 66424 259c2accb70 _Strcoll 3 API calls 66422->66424 66426 259c2a54c00 43 API calls 66423->66426 66425 259c2a98f40 66424->66425 66425->65425 66427 259c2a98ea9 ISource 66426->66427 66427->66422 66428 259c2a98f52 66427->66428 66429->65448 66430->65448 66431->65481 66432->65481 66433->65481 66435 259c2aa1114 RegOpenKeyExA 66434->66435 66436 259c2aa135b 66435->66436 66447 259c2aa1137 ISource 66435->66447 66438 259c2aa1364 RegCloseKey 66436->66438 66439 259c2aa136a 66436->66439 66437 259c2aa1144 RegEnumKeyExA 66437->66447 66438->66439 66440 259c2accb70 _Strcoll 3 API calls 66439->66440 66441 259c2aa137c 66440->66441 66441->65504 66444 259c2aa93f0 43 API calls 66444->66447 66446 259c2aa13a2 66447->66436 66447->66437 66447->66444 66447->66446 66448 259c2aa1397 66447->66448 66453 259c2a67370 43 API calls 5 library calls 66447->66453 66454 259c2a70070 43 API calls 66447->66454 66455 259c2a4b870 43 API calls 66448->66455 66449->65504 66450->65504 66451->65506 66452->65506 66453->66447 66458 259c2aa4270 ISource 66456->66458 66460 259c2aa4338 FreeEnvironmentStringsW 66458->66460 66461 259c2aa4365 66458->66461 66477 259c2aa7c20 43 API calls 3 library calls 66458->66477 66478 259c2aab090 43 API calls 5 library calls 66458->66478 66460->65517 66462 259c2aa43a3 RtlInitUnicodeString RtlInitUnicodeString 66461->66462 66463 259c2aa43d4 66461->66463 66462->65517 66463->65517 66464->65531 66466 259c2a69274 66465->66466 66468 259c2a692a9 66466->66468 66479 259c2a67060 43 API calls 2 library calls 66466->66479 66469 259c2a694a5 66468->66469 66471 259c2a6945c 66468->66471 66481 259c2a4cc70 43 API calls 66469->66481 66470 259c2a6946d 66470->65531 66471->66470 66480 259c2a67b40 43 API calls 2 library calls 66471->66480 66474 259c2a694e9 Concurrency::cancel_current_task 66475->65531 66476->65531 66477->66458 66478->66458 66479->66468 66480->66470 66481->66474 66482->65550 66483->65550 66489 259c2a4f4c0 ISource 66488->66489 66490 259c2a4f7d2 66489->66490 66491 259c2accb70 _Strcoll 3 API calls 66489->66491 66490->65591 66492 259c2a4f694 66491->66492 66492->65591 66497 259c2a4fbb0 ISource 66493->66497 66494 259c2accb70 _Strcoll 3 API calls 66496 259c2a4fd84 66494->66496 66495 259c2a4fec2 66496->65597 66497->66494 66497->66495 66498->65593 66499->65599 66501 259c2a9a763 66500->66501 66502 259c2a4d6c0 43 API calls 66501->66502 66503 259c2a9a788 ISource 66502->66503 66504 259c2a4e9a0 49 API calls 66503->66504 66505 259c2a9acd7 66503->66505 66507 259c2a9a7f4 memcpy_s 66504->66507 66658 259c2a4e0f0 44 API calls Concurrency::cancel_current_task 66505->66658 66508 259c2aa91d0 76 API calls 66507->66508 66518 259c2a9a836 66507->66518 66510 259c2a9a919 66508->66510 66509 259c2accb70 _Strcoll 3 API calls 66511 259c2a9a8c9 66509->66511 66512 259c2a9aba0 66510->66512 66515 259c2aa79c0 43 API calls 66510->66515 66511->65630 66548 259c2a9a897 ISource 66512->66548 66657 259c2a719c0 43 API calls 66512->66657 66513 259c2a9acff 66659 259c2a4cc70 43 API calls 66513->66659 66517 259c2a9a992 66515->66517 66520 259c2a9aa32 66517->66520 66521 259c2a9a9af 66517->66521 66518->66505 66518->66548 66519 259c2a9ad26 Concurrency::cancel_current_task 66660 259c2a4cc70 43 API calls 66519->66660 66522 259c2aa6110 43 API calls 66520->66522 66521->66513 66523 259c2a9a9e1 66521->66523 66524 259c2a9aa46 66522->66524 66526 259c2aa5f50 44 API calls 66523->66526 66529 259c2a9aa5d 66524->66529 66530 259c2a9aae0 66524->66530 66527 259c2a9a9ee 66526->66527 66528 259c2a60fb0 43 API calls 66527->66528 66531 259c2a9aa0e 66528->66531 66529->66519 66533 259c2a9aa8f 66529->66533 66532 259c2aa6110 43 API calls 66530->66532 66654 259c2a70cd0 43 API calls 66531->66654 66536 259c2a9aaf4 66532->66536 66537 259c2aa5f50 44 API calls 66533->66537 66534 259c2a9ad60 Concurrency::cancel_current_task 66661 259c2a4cc70 43 API calls 66534->66661 66538 259c2aa6110 43 API calls 66536->66538 66539 259c2a9aa9c 66537->66539 66540 259c2a9ab03 66538->66540 66541 259c2a60fb0 43 API calls 66539->66541 66543 259c2a84500 44 API calls 66540->66543 66544 259c2a9aabc 66541->66544 66545 259c2a9ad9e Concurrency::cancel_current_task 66548->66509 66557 259c2a5fc80 43 API calls 66556->66557 66558 259c2a63528 ctype 66557->66558 66559 259c2a5fc80 43 API calls 66558->66559 66560 259c2a63661 66559->66560 66560->65630 66562 259c2a91fcc 66561->66562 66565 259c2a91f06 66561->66565 66563 259c2accb70 _Strcoll 3 API calls 66562->66563 66566 259c2a91fe6 66563->66566 66564 259c2a91f2d memcpy_s ctype 66568 259c2a91f86 LocalFree 66564->66568 66565->66564 66567 259c2a65b00 43 API calls 66565->66567 66566->65630 66567->66564 66568->66562 66570 259c2a54e90 43 API calls 66569->66570 66571 259c2a6214c 66570->66571 66662 259c2a4e150 66571->66662 66575 259c2accb98 std::_Facet_Register 43 API calls 66577 259c2a621c4 66575->66577 66576 259c2a62293 66578 259c2accb70 _Strcoll 3 API calls 66576->66578 66680 259c2ad97f0 43 API calls __std_fs_directory_iterator_open 66577->66680 66579 259c2a622af 66578->66579 66579->65630 66692 259c2a98f60 66580->66692 66583 259c2a622d0 43 API calls 66584 259c2a9988a 66583->66584 66585 259c2accb70 _Strcoll 3 API calls 66584->66585 66586 259c2a9990d 66585->66586 66586->65630 66587->65630 66591 259c2a4d3b9 66588->66591 66589 259c2a54c00 43 API calls 66590 259c2a4d44a 66589->66590 66590->65630 66591->66589 66593 259c2a4d250 66592->66593 66911 259c2ad9570 66593->66911 66595 259c2a4d2ea 66595->65630 66596 259c2a4d339 66917 259c2a4c010 43 API calls 2 library calls 66596->66917 66598 259c2a4d25c __std_fs_convert_wide_to_narrow 66598->66595 66598->66596 66599 259c2a4d33f 66598->66599 66600 259c2a5fc80 43 API calls 66598->66600 66918 259c2a4c3e0 43 API calls Concurrency::cancel_current_task 66599->66918 66603 259c2a4d2c0 __std_fs_convert_wide_to_narrow 66600->66603 66603->66595 66916 259c2a4c3e0 43 API calls Concurrency::cancel_current_task 66603->66916 66606 259c2a5ece0 66605->66606 66607 259c2a5ecda 66605->66607 66608 259c2a60840 43 API calls 66606->66608 66609 259c2a5ed4b 66607->66609 66610 259c2a5ecde 66607->66610 66608->66610 66613 259c2a64670 43 API calls 66609->66613 66611 259c2a5ed0c 66610->66611 66617 259c2a5ed2d 66610->66617 66919 259c2a61730 66611->66919 66616 259c2a5ed71 66613->66616 66614 259c2a6a039 66927 259c2a5e8f0 43 API calls 66614->66927 66619 259c2a64740 43 API calls 66616->66619 66617->66614 66618 259c2a6a034 66617->66618 66623 259c2a69f6f 66617->66623 66624 259c2a69f9b 66617->66624 66632 259c2a69f5d 66617->66632 66926 259c2a4b7b0 43 API calls 2 library calls 66618->66926 66622 259c2a5ed84 Concurrency::cancel_current_task 66619->66622 66623->66618 66627 259c2a69f7c 66623->66627 66628 259c2accb98 std::_Facet_Register 43 API calls 66624->66628 66625 259c2a61730 3 API calls 66629 259c2a69fd4 66625->66629 66626 259c2a6a03f 66630 259c2accb98 std::_Facet_Register 43 API calls 66627->66630 66628->66632 66631 259c2a69fe5 66629->66631 66923 259c2a6a210 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry _Strcoll 66629->66923 66630->66632 66924 259c2a6a210 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry _Strcoll 66631->66924 66632->66625 66632->66626 66635 259c2a6a00f 66925 259c2a66c80 43 API calls ISource 66635->66925 66637 259c2a6a021 66637->65630 66640 259c2a4e690 66638->66640 66639 259c2ad97d0 2 API calls 66639->66640 66640->66639 66641 259c2a4e75e 66640->66641 66646 259c2a4e6cb 66640->66646 66928 259c2a4df70 43 API calls 2 library calls 66641->66928 66642 259c2accb70 _Strcoll 3 API calls 66644 259c2a4e749 66642->66644 66644->65630 66645 259c2a4e76c 66646->66642 66651 259c2a4e099 66650->66651 66929 259c2a4da20 44 API calls ISource 66651->66929 66653 259c2a4e0d0 Concurrency::cancel_current_task 66654->66548 66657->66518 66659->66519 66660->66534 66661->66545 66663 259c2a4e18f 66662->66663 66664 259c2a4e2bf ISource 66663->66664 66666 259c2a54e90 43 API calls 66663->66666 66665 259c2accb70 _Strcoll 3 API calls 66664->66665 66673 259c2a4e385 66664->66673 66667 259c2a4e36e 66665->66667 66668 259c2a4e1c9 66666->66668 66667->66575 66667->66577 66669 259c2a54c00 43 API calls 66668->66669 66670 259c2a4e1f7 66669->66670 66671 259c2a4cff0 43 API calls 66670->66671 66672 259c2a4e21d ISource 66671->66672 66672->66673 66681 259c2ad9810 66672->66681 66675 259c2a4e288 66676 259c2a4e2c6 66675->66676 66677 259c2a4e28e 66675->66677 66676->66664 66678 259c2a4e9a0 49 API calls 66676->66678 66677->66664 66688 259c2ad97d0 FindNextFileW 66677->66688 66678->66664 66680->66576 66682 259c2ad982e FindClose 66681->66682 66683 259c2ad983b FindFirstFileExW 66681->66683 66682->66683 66684 259c2ad987c 66682->66684 66685 259c2ad9862 __std_fs_directory_iterator_open 66683->66685 66691 259c2ab7bc4 42 API calls __std_fs_directory_iterator_open 66684->66691 66685->66675 66689 259c2ad97e5 GetLastError 66688->66689 66690 259c2ad97de 66688->66690 66690->66677 66693 259c2a4e9a0 49 API calls 66692->66693 66697 259c2a98faf memcpy_s 66693->66697 66694 259c2a98fe7 66695 259c2a996ee Concurrency::cancel_current_task 66694->66695 66696 259c2a98fef 66694->66696 66793 259c2a4e0f0 44 API calls Concurrency::cancel_current_task 66695->66793 66699 259c2accb70 _Strcoll 3 API calls 66696->66699 66697->66694 66697->66696 66701 259c2aa91d0 76 API calls 66697->66701 66700 259c2a99691 66699->66700 66700->66583 66700->66584 66702 259c2a9902e 66701->66702 66703 259c2a99091 66702->66703 66704 259c2a99485 66702->66704 66743 259c2aa3b30 GetCurrentProcess GetProcessId RmStartSession 66703->66743 66761 259c2a74da0 66704->66761 66706 259c2a99716 66794 259c2a4cc70 43 API calls 66706->66794 66713 259c2a990b4 66716 259c2a990c7 66713->66716 66717 259c2a9919c GetFileSize 66713->66717 66715 259c2a994d7 66720 259c2a74da0 44 API calls 66715->66720 66716->66706 66722 259c2a9910e ISource 66716->66722 66723 259c2a991dd 66717->66723 66727 259c2a991b8 memcpy_s 66717->66727 66718 259c2a99740 Concurrency::cancel_current_task 66719 259c2a651e0 43 API calls 66719->66715 66721 259c2a994ea 66720->66721 66788 259c2a719c0 43 API calls 66722->66788 66723->66727 66728 259c2a65b00 43 API calls 66723->66728 66726 259c2a99242 SetFilePointer ReadFile 66735 259c2a993a2 66726->66735 66738 259c2a99291 66726->66738 66727->66726 66728->66726 66730 259c2a9915f 66730->66696 66733 259c2a99314 ISource 66789 259c2a719c0 43 API calls 66733->66789 66734 259c2a993f7 ISource 66790 259c2a719c0 43 API calls 66734->66790 66735->66706 66735->66734 66738->66706 66738->66733 66744 259c2aa3c91 66743->66744 66745 259c2aa3b98 RmRegisterResources 66743->66745 66748 259c2accb70 _Strcoll 3 API calls 66744->66748 66746 259c2aa3bc3 RmGetList 66745->66746 66747 259c2aa3c88 RmEndSession 66745->66747 66749 259c2aa3cd4 66746->66749 66752 259c2aa3bff 66746->66752 66747->66744 66750 259c2a990a3 66748->66750 66751 259c2aa3cd7 RmEndSession 66749->66751 66787 259c2aa3cf0 52 API calls 6 library calls 66750->66787 66751->66744 66752->66749 66752->66751 66753 259c2aa3c36 RmGetList 66752->66753 66754 259c2aa3ccc 66753->66754 66755 259c2aa3c5a 66753->66755 66796 259c2aaefd8 8 API calls 3 library calls 66754->66796 66755->66754 66757 259c2aa3c5f 66755->66757 66757->66747 66758 259c2aa3cb7 66757->66758 66795 259c2aaefd8 8 API calls 3 library calls 66758->66795 66760 259c2aa3cbf RmEndSession 66760->66744 66762 259c2a74dfd 66761->66762 66765 259c2a74ee3 66761->66765 66797 259c2a756c0 66762->66797 66764 259c2a74e22 66768 259c2a74e59 Concurrency::cancel_current_task 66764->66768 66807 259c2a70f70 66764->66807 66817 259c2a4cc70 43 API calls 66765->66817 66767 259c2a74eb0 66772 259c2a74cc0 66767->66772 66768->66767 66818 259c2a4cc70 43 API calls 66768->66818 66770 259c2a74f7e Concurrency::cancel_current_task 66774 259c2a74cf0 66772->66774 66773 259c2a756c0 43 API calls 66775 259c2a74cff 66773->66775 66774->66773 66775->66715 66775->66719 66787->66713 66788->66730 66789->66730 66790->66730 66794->66718 66795->66760 66796->66749 66798 259c2a75700 66797->66798 66802 259c2a756dd 66797->66802 66800 259c2a7570e 66798->66800 66819 259c2a67060 43 API calls 2 library calls 66798->66819 66799 259c2a756fa 66799->66764 66800->66764 66802->66799 66820 259c2a4cc70 43 API calls 66802->66820 66804 259c2a758d5 66804->66764 66805 259c2a75763 ISource Concurrency::cancel_current_task 66805->66804 66821 259c2a74480 43 API calls ctype 66805->66821 66808 259c2a70fa3 66807->66808 66809 259c2a70ffb 66808->66809 66810 259c2a71e90 42 API calls 66808->66810 66811 259c2accb70 _Strcoll 3 API calls 66809->66811 66812 259c2a70fc6 66810->66812 66813 259c2a71069 66811->66813 66812->66809 66814 259c2a70fe6 66812->66814 66822 259c2aaf734 66812->66822 66813->66768 66814->66809 66817->66768 66818->66770 66819->66800 66820->66805 66823 259c2aaf764 66822->66823 66912 259c2ac4cb4 __std_fs_code_page 42 API calls 66911->66912 66913 259c2ad9579 66912->66913 66914 259c2ad9582 AreFileApisANSI 66913->66914 66915 259c2ad958f 66913->66915 66914->66915 66915->66598 66917->66599 66920 259c2a6177e 66919->66920 66921 259c2accb70 _Strcoll 3 API calls 66920->66921 66922 259c2a5ed17 66921->66922 66922->65630 66923->66631 66924->66635 66925->66637 66926->66614 66928->66645 66929->66653 66931 259c2a973c4 66930->66931 66932 259c2a973c7 RegOpenKeyExA 66930->66932 66931->66932 66933 259c2a973f3 RegCloseKey 66932->66933 66934 259c2a973f9 66932->66934 66933->66934 66938 259c2a97427 66934->66938 66941 259c2a97474 66934->66941 66943 259c2a974a0 67 API calls 3 library calls 66934->66943 66935 259c2accb70 _Strcoll 3 API calls 66936 259c2a9748b 66935->66936 66936->65637 66939 259c2aa10a0 46 API calls 66938->66939 66940 259c2a9744a 66939->66940 66940->66941 66942 259c2a97390 70 API calls 66940->66942 66941->66935 66942->66940 66943->66934 67241 259c2a81340 67242 259c2a4e9a0 49 API calls 67241->67242 67243 259c2a8139f 67242->67243 67244 259c2a4e9a0 49 API calls 67243->67244 67245 259c2a81c14 67244->67245 67246 259c2a4d390 43 API calls 67245->67246 67256 259c2a82036 ISource 67245->67256 67248 259c2a81c4a 67246->67248 67247 259c2accb70 _Strcoll 3 API calls 67249 259c2a82061 67247->67249 67250 259c2a4d220 44 API calls 67248->67250 67251 259c2a81c58 67250->67251 67296 259c2a84150 67251->67296 67254 259c2a99830 105 API calls 67255 259c2a81d1d 67254->67255 67255->67256 67257 259c2a8207d 67255->67257 67256->67247 67258 259c2a64670 43 API calls 67257->67258 67259 259c2a820a5 67258->67259 67260 259c2a64740 43 API calls 67259->67260 67261 259c2a820ba Concurrency::cancel_current_task 67260->67261 67262 259c2a4e080 44 API calls 67261->67262 67263 259c2a820dd 67262->67263 67264 259c2a4e080 44 API calls 67263->67264 67265 259c2a820ef 67264->67265 67266 259c2a4e080 44 API calls 67265->67266 67267 259c2a820ff 67266->67267 67268 259c2a4e080 44 API calls 67267->67268 67269 259c2a82127 67268->67269 67270 259c2a4e080 44 API calls 67269->67270 67271 259c2a8214f 67270->67271 67272 259c2a4d390 43 API calls 67271->67272 67273 259c2a821b7 67272->67273 67274 259c2a4d220 44 API calls 67273->67274 67275 259c2a821c8 67274->67275 67276 259c2a4d6c0 43 API calls 67275->67276 67277 259c2a826c6 67276->67277 67278 259c2a4d6c0 43 API calls 67277->67278 67279 259c2a8290d 67278->67279 67280 259c2a98f60 105 API calls 67279->67280 67281 259c2a8291e 67280->67281 67300 259c2a60120 62 API calls 4 library calls 67281->67300 67283 259c2a82c3e 67301 259c2a643d0 43 API calls 3 library calls 67283->67301 67285 259c2a82c7e 67292 259c2a83623 67285->67292 67302 259c2a4e900 51 API calls _Strcoll 67285->67302 67287 259c2a82c9a 67288 259c2a83737 67287->67288 67287->67292 67303 259c2a4e0f0 44 API calls Concurrency::cancel_current_task 67288->67303 67293 259c2accb70 _Strcoll 3 API calls 67292->67293 67294 259c2a83708 67293->67294 67297 259c2a84176 67296->67297 67298 259c2a85760 44 API calls 67297->67298 67299 259c2a81c6b 67298->67299 67299->67254 67300->67283 67301->67285 67302->67287 67304 259c2aa6bb7 67305 259c2aa6bc1 67304->67305 67310 259c2aa70b0 67305->67310 67308 259c2accb70 _Strcoll 3 API calls 67309 259c2aa6f13 67308->67309 67311 259c2aa6bd0 67310->67311 67315 259c2aa70ef 67310->67315 67311->67308 67312 259c2aa7368 67328 259c2a79930 IsProcessorFeaturePresent RtlCaptureContext RtlLookupFunctionEntry _Strcoll 67312->67328 67313 259c2aa72ed 67318 259c2aa73b2 Concurrency::cancel_current_task 67313->67318 67321 259c2aa72f2 67313->67321 67315->67312 67315->67313 67327 259c2a60dc0 43 API calls 67315->67327 67316 259c2aa7389 67329 259c2aa88e0 43 API calls 67316->67329 67330 259c2aa89c0 43 API calls 67318->67330 67319 259c2aa739f 67320 259c2a64740 43 API calls 67319->67320 67320->67318 67321->67311 67326 259c2a60dc0 43 API calls 67321->67326 67323 259c2aa73ea 67324 259c2a64740 43 API calls 67323->67324 67325 259c2aa73fd Concurrency::cancel_current_task 67324->67325 67326->67311 67327->67315 67328->67316 67329->67319 67330->67323 67331 259c2ab7db8 67332 259c2ab7c1c _fread_nolock 42 API calls 67331->67332 67334 259c2ab7dd7 67332->67334 67333 259c2ab7ddf 67334->67333 67336 259c2ab7e18 67334->67336 67353 259c2ab7d3c 42 API calls _invalid_parameter_noinfo 67334->67353 67336->67333 67337 259c2ab7e59 67336->67337 67354 259c2abc8f0 42 API calls 2 library calls 67336->67354 67342 259c2ab7c44 67337->67342 67340 259c2ab7e4d 67340->67337 67355 259c2abcfdc 7 API calls 2 library calls 67340->67355 67343 259c2ab7c1c _fread_nolock 42 API calls 67342->67343 67344 259c2ab7c69 67343->67344 67345 259c2ab7d0a 67344->67345 67346 259c2ab7c79 67344->67346 67365 259c2abb128 42 API calls _invalid_parameter_noinfo 67345->67365 67348 259c2ab7c97 67346->67348 67351 259c2ab7cb5 67346->67351 67364 259c2abb128 42 API calls _invalid_parameter_noinfo 67348->67364 67349 259c2ab7ca5 67349->67333 67351->67349 67356 259c2abdc0c 67351->67356 67353->67336 67354->67340 67355->67337 67357 259c2abdc3c 67356->67357 67366 259c2abda40 67357->67366 67359 259c2abdc55 67360 259c2abdc7b 67359->67360 67373 259c2aadb64 42 API calls 2 library calls 67359->67373 67362 259c2abdc90 67360->67362 67374 259c2aadb64 42 API calls 2 library calls 67360->67374 67362->67349 67364->67349 67365->67349 67367 259c2abda97 67366->67367 67372 259c2abda69 67366->67372 67368 259c2abdab0 67367->67368 67370 259c2abdb07 67367->67370 67380 259c2aafb20 42 API calls _invalid_parameter_noinfo 67368->67380 67370->67372 67375 259c2abdb60 67370->67375 67372->67359 67373->67360 67374->67362 67381 259c2ac3b78 67375->67381 67378 259c2abdb9e SetFilePointerEx 67379 259c2abdb8d __std_fs_directory_iterator_open _fread_nolock 67378->67379 67379->67372 67380->67372 67382 259c2ac3b96 67381->67382 67383 259c2ac3b81 67381->67383 67389 259c2abdb87 67382->67389 67395 259c2ab40ac 7 API calls _get_daylight 67382->67395 67393 259c2ab40ac 7 API calls _get_daylight 67383->67393 67386 259c2ac3b86 67394 259c2ab40cc 7 API calls _get_daylight 67386->67394 67387 259c2ac3bd1 67396 259c2ab40cc 7 API calls _get_daylight 67387->67396 67389->67378 67389->67379 67391 259c2ac3bd9 67397 259c2aafbec 42 API calls _invalid_parameter_noinfo 67391->67397 67393->67386 67394->67389 67395->67387 67396->67391 67397->67389 67398 259c2aaa716 67399 259c2aaa732 67398->67399 67400 259c2aaabc0 43 API calls 67399->67400 67401 259c2aaa2e0 67399->67401 67400->67401 67402 259c2aa662b 67403 259c2aa6651 67402->67403 67404 259c2aa663c 67402->67404 67405 259c2aa665a 67403->67405 67420 259c2aa681f 67403->67420 67408 259c2accb70 _Strcoll 3 API calls 67404->67408 67407 259c2a5fc80 43 API calls 67405->67407 67419 259c2aa66b2 67405->67419 67406 259c2aa68cf 67410 259c2aa70b0 43 API calls 67406->67410 67407->67419 67409 259c2aa6f13 67408->67409 67412 259c2aa68e8 67410->67412 67411 259c2aa70b0 43 API calls 67411->67420 67414 259c2aa65d0 3 API calls 67412->67414 67413 259c2aa6782 67417 259c2aa70b0 43 API calls 67413->67417 67414->67404 67415 259c2aa65d0 3 API calls 67415->67420 67416 259c2aa70b0 43 API calls 67416->67419 67418 259c2aa67bb 67417->67418 67422 259c2aa65d0 3 API calls 67418->67422 67419->67413 67419->67416 67421 259c2aa65d0 3 API calls 67419->67421 67420->67406 67420->67411 67420->67415 67421->67419 67422->67404 67423 259c2aac80b 67497 259c2a8b5f0 67423->67497 67425 259c2aacb35 67426 259c2accb70 _Strcoll 3 API calls 67425->67426 67427 259c2aad1e6 67426->67427 67428 259c2aa9610 43 API calls 67432 259c2aac66e 67428->67432 67429 259c2aaca48 67430 259c2aa9610 43 API calls 67429->67430 67431 259c2aaca50 67430->67431 67433 259c2aaca5c 67431->67433 67442 259c2aace8c 67431->67442 67432->67425 67432->67428 67432->67429 67434 259c2aacc6d 67432->67434 67435 259c2aacd22 67432->67435 67439 259c2a8a9b0 43 API calls 67432->67439 67515 259c2a8a810 67433->67515 67530 259c2a88950 43 API calls 4 library calls 67434->67530 67533 259c2a88950 43 API calls 4 library calls 67435->67533 67437 259c2aaca74 67438 259c2aa9610 43 API calls 67437->67438 67443 259c2aaca80 67438->67443 67439->67432 67539 259c2a88950 43 API calls 4 library calls 67442->67539 67447 259c2aaca8c 67443->67447 67461 259c2aacdd7 67443->67461 67444 259c2aaccd3 67531 259c2a85630 43 API calls _Strcoll 67444->67531 67445 259c2aacd88 67534 259c2a85630 43 API calls _Strcoll 67445->67534 67452 259c2aa9610 43 API calls 67447->67452 67450 259c2aacd98 67454 259c2aacda7 67450->67454 67464 259c2aad27d Concurrency::cancel_current_task 67450->67464 67451 259c2aacef2 67540 259c2a85630 43 API calls _Strcoll 67451->67540 67476 259c2aaca94 67452->67476 67453 259c2aacce3 67456 259c2aaccf2 67453->67456 67457 259c2aad260 Concurrency::cancel_current_task 67453->67457 67535 259c2a4ed70 8 API calls __std_exception_destroy 67454->67535 67532 259c2a4ed70 8 API calls __std_exception_destroy 67456->67532 67545 259c2a84110 43 API calls 67457->67545 67458 259c2aacf02 67462 259c2aacf11 67458->67462 67463 259c2aad2b7 Concurrency::cancel_current_task 67458->67463 67536 259c2a88950 43 API calls 4 library calls 67461->67536 67541 259c2a4ed70 8 API calls __std_exception_destroy 67462->67541 67548 259c2a84110 43 API calls 67463->67548 67546 259c2a84110 43 API calls 67464->67546 67469 259c2aace3d 67537 259c2a85630 43 API calls _Strcoll 67469->67537 67472 259c2aad29a Concurrency::cancel_current_task 67547 259c2a84110 43 API calls 67472->67547 67474 259c2aace4d 67474->67472 67477 259c2aace5c 67474->67477 67475 259c2aad2d4 Concurrency::cancel_current_task 67549 259c2a84110 43 API calls 67475->67549 67527 259c2a88950 43 API calls 4 library calls 67476->67527 67538 259c2a4ed70 8 API calls __std_exception_destroy 67477->67538 67480 259c2aacb02 67528 259c2a85630 43 API calls _Strcoll 67480->67528 67483 259c2aacb12 67484 259c2aacb21 67483->67484 67485 259c2aad21a 67483->67485 67529 259c2a4ed70 8 API calls __std_exception_destroy 67484->67529 67542 259c2a84110 43 API calls 67485->67542 67487 259c2aad2f1 Concurrency::cancel_current_task 67550 259c2a84110 43 API calls 67487->67550 67490 259c2aad226 Concurrency::cancel_current_task 67543 259c2a84110 43 API calls 67490->67543 67491 259c2aad30e Concurrency::cancel_current_task 67551 259c2a84110 43 API calls 67491->67551 67494 259c2aad32b Concurrency::cancel_current_task 67495 259c2aad243 Concurrency::cancel_current_task 67544 259c2a8a710 43 API calls 67495->67544 67498 259c2a8b685 67497->67498 67499 259c2a8b610 67497->67499 67500 259c2a8b6f7 67498->67500 67501 259c2a8b68f 67498->67501 67502 259c2a60fb0 43 API calls 67499->67502 67505 259c2a60fb0 43 API calls 67500->67505 67503 259c2a8b6c4 67501->67503 67504 259c2a8b69d 67501->67504 67506 259c2a8b635 67502->67506 67552 259c2a8e4b0 43 API calls 2 library calls 67503->67552 67507 259c2a60fb0 43 API calls 67504->67507 67509 259c2a8b71c 67505->67509 67510 259c2a60fb0 43 API calls 67506->67510 67511 259c2a8b6b6 67507->67511 67512 259c2a60fb0 43 API calls 67509->67512 67513 259c2a8b671 67510->67513 67511->67432 67514 259c2a8b759 67512->67514 67513->67432 67514->67432 67518 259c2a8a835 67515->67518 67516 259c2a8a911 67553 259c2a4b890 43 API calls 67516->67553 67517 259c2a8a868 67519 259c2accb98 std::_Facet_Register 43 API calls 67517->67519 67518->67516 67518->67517 67526 259c2a8a8c0 67518->67526 67521 259c2a8a88c 67519->67521 67523 259c2a5fe50 43 API calls 67521->67523 67524 259c2a8a8a8 67523->67524 67525 259c2a60840 43 API calls 67524->67525 67525->67526 67526->67437 67527->67480 67528->67483 67529->67425 67530->67444 67531->67453 67532->67425 67533->67445 67534->67450 67535->67425 67536->67469 67537->67474 67538->67425 67539->67451 67540->67458 67541->67425 67542->67490 67543->67495 67544->67457 67545->67464 67546->67472 67547->67463 67548->67475 67549->67487 67550->67491 67551->67494 67552->67511 67554 259c2a61795 67555 259c2accb98 std::_Facet_Register 43 API calls 67554->67555 67556 259c2a617a7 67555->67556 67557 259c2accb98 std::_Facet_Register 43 API calls 67556->67557 67558 259c2a617d6 67557->67558 67563 259c2a78140 67558->67563 67560 259c2a617fc 67560->67560 67561 259c2accb70 _Strcoll 3 API calls 67560->67561 67562 259c2a61a33 67561->67562 67564 259c2a78172 67563->67564 67574 259c2a78212 67563->67574 67565 259c2accb98 std::_Facet_Register 43 API calls 67564->67565 67566 259c2a7818d 67565->67566 67567 259c2a5fe50 43 API calls 67566->67567 67568 259c2a781ab 67567->67568 67569 259c2a61730 3 API calls 67568->67569 67570 259c2a781ba 67569->67570 67571 259c2a78140 43 API calls 67570->67571 67572 259c2a781ff 67571->67572 67573 259c2a78140 43 API calls 67572->67573 67573->67574 67574->67560 67575 259c2aa6929 67576 259c2aa6954 67575->67576 67583 259c2aa693f 67575->67583 67579 259c2aa695d 67576->67579 67581 259c2aa6b20 67576->67581 67577 259c2aa6b89 67578 259c2aa65d0 3 API calls 67577->67578 67578->67583 67586 259c2a65b00 43 API calls 67579->67586 67587 259c2aa69ba memcpy_s 67579->67587 67580 259c2accb70 _Strcoll 3 API calls 67584 259c2aa6f13 67580->67584 67581->67577 67585 259c2aa65d0 3 API calls 67581->67585 67582 259c2aa6aaa 67588 259c2aa65d0 3 API calls 67582->67588 67583->67580 67585->67581 67586->67587 67587->67582 67589 259c2aa65d0 3 API calls 67587->67589 67588->67583 67589->67587 67590 259c2a99b50 67591 259c2a99b80 67590->67591 67592 259c2ad98c0 49 API calls 67591->67592 67593 259c2a99b99 67592->67593 67594 259c2accb70 _Strcoll 3 API calls 67593->67594 67595 259c2a99bd6 67594->67595 67596 259c2a558f3 67604 259c2a4d8f0 67596->67604 67598 259c2a55926 FindNextFileW 67599 259c2a55944 67598->67599 67600 259c2a5595b 67599->67600 67601 259c2a55951 FindClose 67599->67601 67602 259c2accb70 _Strcoll 3 API calls 67600->67602 67601->67600 67603 259c2a5596b 67602->67603 67605 259c2a4d908 ISource 67604->67605 67605->67598 67606 259c2aa98ee 67611 259c2aaa1e0 67606->67611 67609 259c2accb70 _Strcoll 3 API calls 67610 259c2aa992b 67609->67610 67613 259c2aaa206 67611->67613 67612 259c2aaa232 67615 259c2aaabc0 43 API calls 67612->67615 67613->67612 67614 259c2a8b010 43 API calls 67613->67614 67614->67612 67616 259c2aa98f6 67615->67616 67616->67609

                                          Executed Functions

                                          Function 00000259C2A9FB30 Relevance: 45.7, APIs: 25, Strings: 1, Instructions: 225windowCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Object$DeleteMetricsSystem$CreateSelectStream_$CapsCompatibleCriticalDeviceReleaseSection$BitmapEnterLeaveReadResetSizeStream
                                          • String ID:
                                          • API String ID: 3214587331-3916222277
                                          • Opcode ID: e8e9b911cd9b9f557c011d0a693391b94df579aa06795856880fde4b09ecdcd5
                                          • Instruction ID: 84613653aef21ff250846b75e89ee1bddfcdf8c54c331fbbdca8fe7dc1183de0
                                          • Opcode Fuzzy Hash: e8e9b911cd9b9f557c011d0a693391b94df579aa06795856880fde4b09ecdcd5
                                          • Instruction Fuzzy Hash: 23B11F72218FC0C6EB60DB21E85839AB3A5F79DB82F408516DAC943B99DF3CC585CB04
                                          Function 00000259C2AD98C0 Relevance: 27.2, APIs: 18, Instructions: 229fileCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 40 259c2ad98c0-259c2ad9900 41 259c2ad9915-259c2ad991e 40->41 42 259c2ad9902-259c2ad9909 40->42 44 259c2ad9920-259c2ad9923 41->44 45 259c2ad993a-259c2ad993c 41->45 42->41 43 259c2ad990b-259c2ad9910 42->43 48 259c2ad9b94-259c2ad9bba call 259c2accb70 43->48 44->45 49 259c2ad9925-259c2ad992d 44->49 46 259c2ad9b92 45->46 47 259c2ad9942-259c2ad9946 45->47 46->48 51 259c2ad9a1d-259c2ad9a44 call 259c2ad9c94 47->51 52 259c2ad994c-259c2ad994f 47->52 53 259c2ad9933-259c2ad9936 49->53 54 259c2ad992f-259c2ad9931 49->54 63 259c2ad9a66-259c2ad9a6f 51->63 64 259c2ad9a46-259c2ad9a4f 51->64 57 259c2ad9951-259c2ad9959 52->57 58 259c2ad9963-259c2ad9975 GetFileAttributesExW 52->58 53->45 54->45 54->53 57->58 60 259c2ad995b-259c2ad995d 57->60 61 259c2ad99c8-259c2ad99d7 58->61 62 259c2ad9977-259c2ad9980 call 259c2af2160 58->62 60->51 60->58 66 259c2ad99db-259c2ad99dd 61->66 62->48 77 259c2ad9986-259c2ad9998 FindFirstFileW 62->77 70 259c2ad9a75-259c2ad9a8d GetFileInformationByHandleEx 63->70 71 259c2ad9b23-259c2ad9b2c 63->71 67 259c2ad9a51-259c2ad9a59 call 259c2af2138 64->67 68 259c2ad9a5f-259c2ad9a61 64->68 72 259c2ad99df-259c2ad99e7 66->72 73 259c2ad99e9-259c2ad9a17 66->73 67->68 94 259c2ad9bd5-259c2ad9bda call 259c2ab7bc4 67->94 68->48 78 259c2ad9ab5-259c2ad9ace 70->78 79 259c2ad9a8f-259c2ad9a9b call 259c2af2160 70->79 74 259c2ad9b2e-259c2ad9b42 GetFileInformationByHandleEx 71->74 75 259c2ad9b7b-259c2ad9b7d 71->75 72->51 72->73 73->46 73->51 80 259c2ad9b68-259c2ad9b78 74->80 81 259c2ad9b44-259c2ad9b50 call 259c2af2160 74->81 86 259c2ad9b7f-259c2ad9b83 75->86 87 259c2ad9bbb-259c2ad9bbf 75->87 84 259c2ad99a5-259c2ad99c6 FindClose 77->84 85 259c2ad999a-259c2ad99a0 call 259c2af2160 77->85 78->71 82 259c2ad9ad0-259c2ad9ad4 78->82 106 259c2ad9aae-259c2ad9ab0 79->106 107 259c2ad9a9d-259c2ad9aa8 call 259c2af2138 79->107 80->75 81->106 108 259c2ad9b56-259c2ad9b61 call 259c2af2138 81->108 92 259c2ad9ad6-259c2ad9af0 GetFileInformationByHandleEx 82->92 93 259c2ad9b1c 82->93 84->66 85->48 86->46 96 259c2ad9b85-259c2ad9b90 call 259c2af2138 86->96 90 259c2ad9bc1-259c2ad9bcc call 259c2af2138 87->90 91 259c2ad9bce-259c2ad9bd3 87->91 90->91 90->94 91->48 100 259c2ad9af2-259c2ad9afe call 259c2af2160 92->100 101 259c2ad9b13-259c2ad9b1a 92->101 105 259c2ad9b20 93->105 117 259c2ad9bdb-259c2ad9be0 call 259c2ab7bc4 94->117 96->46 96->94 100->106 120 259c2ad9b00-259c2ad9b0b call 259c2af2138 100->120 101->105 105->71 106->48 107->106 118 259c2ad9be7-259c2ad9bef call 259c2ab7bc4 107->118 123 259c2ad9be1-259c2ad9be6 call 259c2ab7bc4 108->123 124 259c2ad9b63 108->124 117->123 120->117 130 259c2ad9b11 120->130 123->118 124->106 130->106
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
                                          • String ID:
                                          • API String ID: 2398595512-0
                                          • Opcode ID: 9b9cafa6476ba7d57e6375b49b2d31870033937920a690a77e8b0d8031f3f21f
                                          • Instruction ID: beb8ef0f5d2d41801925fdc58ad28d2c1a977bc50e83a9e160f28a7b3428af42
                                          • Opcode Fuzzy Hash: 9b9cafa6476ba7d57e6375b49b2d31870033937920a690a77e8b0d8031f3f21f
                                          • Instruction Fuzzy Hash: 67915E32204F42C6FF64CB25AC4875923A1A78DFB7F1547169AFA47BE4DB38C885860C
                                          Function 00000259C2AA1660 Relevance: 26.6, APIs: 4, Strings: 10, Instructions: 2133timeCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: InformationTimeZone
                                          • String ID: %d-%m-%Y, %H:%M:%S$[UTC$computer_name$cpu$gpu$ram$system$time$timezone$user_name
                                          • API String ID: 565725191-1610854563
                                          • Opcode ID: 3b056a77ab6aacff0f5bc4b2aed67937af5d42f3596e8105ae4ef8b417f4de78
                                          • Instruction ID: bef0570e508256f687c0d495c81faf5b81b96a52afce0646fce5a1212998c7ad
                                          • Opcode Fuzzy Hash: 3b056a77ab6aacff0f5bc4b2aed67937af5d42f3596e8105ae4ef8b417f4de78
                                          • Instruction Fuzzy Hash: EC236A72614FC0C9EB21CB25E8543DD67A1F78DB9AF509216EADD06BA9DB78C280C704
                                          Function 00000259C2AA1FF0 Relevance: 22.5, APIs: 3, Strings: 9, Instructions: 1516COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Name$DevicesDisplayEnum$ComputerCurrentFileGlobalMemoryModuleProfileStatusUserValuewcsftime
                                          • String ID: %d-%m-%Y, %H:%M:%S$computer_name$cpu$gpu$ram$system$time$timezone$user_name
                                          • API String ID: 2509368203-1182675529
                                          • Opcode ID: f651b7326582497df5145f037cfac37631f424b128664ffa237f7dc2174f46b5
                                          • Instruction ID: b02d17303b6ba0a61edd59ba33b4a4391bffeb3abe468711990366b4847fe891
                                          • Opcode Fuzzy Hash: f651b7326582497df5145f037cfac37631f424b128664ffa237f7dc2174f46b5
                                          • Instruction Fuzzy Hash: 35F25972614FC0C9DB218F65E8943DD77A1F789B9AF409216EA8D07BA9DB78C290C704
                                          Function 00000259C2A5B820 Relevance: 20.1, APIs: 8, Strings: 3, Instructions: 862libraryloaderCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1195 259c2a5b820-259c2a5b91f LoadLibraryA 1196 259c2a5c7e0-259c2a5c7ea 1195->1196 1197 259c2a5b925-259c2a5bce0 GetProcAddress * 6 1195->1197 1199 259c2a5c7ec-259c2a5c7ee 1196->1199 1200 259c2a5c7f9-259c2a5c7fc 1196->1200 1197->1196 1198 259c2a5bce6-259c2a5bce9 1197->1198 1198->1196 1203 259c2a5bcef-259c2a5bcf2 1198->1203 1199->1200 1201 259c2a5c7fe-259c2a5c801 FreeLibrary 1200->1201 1202 259c2a5c807-259c2a5c836 call 259c2accb70 1200->1202 1201->1202 1203->1196 1205 259c2a5bcf8-259c2a5bcfb 1203->1205 1205->1196 1208 259c2a5bd01-259c2a5bd04 1205->1208 1208->1196 1209 259c2a5bd0a-259c2a5bd0d 1208->1209 1209->1196 1210 259c2a5bd13-259c2a5bd21 1209->1210 1211 259c2a5bd25-259c2a5bd27 1210->1211 1211->1196 1212 259c2a5bd2d-259c2a5bd39 1211->1212 1212->1196 1213 259c2a5bd3f-259c2a5bd48 1212->1213 1214 259c2a5bd50-259c2a5bd6b 1213->1214 1216 259c2a5c7c7-259c2a5c7d3 1214->1216 1217 259c2a5bd71-259c2a5bd8f 1214->1217 1216->1214 1218 259c2a5c7d9 1216->1218 1217->1216 1220 259c2a5bd95-259c2a5bda7 1217->1220 1218->1196 1221 259c2a5bdad 1220->1221 1222 259c2a5c7b3-259c2a5c7c2 1220->1222 1223 259c2a5bdb2-259c2a5be03 call 259c2accb98 1221->1223 1222->1216 1228 259c2a5be09-259c2a5be10 1223->1228 1229 259c2a5c082 1223->1229 1228->1229 1230 259c2a5be16-259c2a5bf0f call 259c2a91bf0 call 259c2a622d0 call 259c2a625a0 1228->1230 1231 259c2a5c084-259c2a5c08b 1229->1231 1256 259c2a5bf10-259c2a5bf18 1230->1256 1233 259c2a5c301-259c2a5c33d 1231->1233 1234 259c2a5c091-259c2a5c098 1231->1234 1241 259c2a5c5d7-259c2a5c5d9 1233->1241 1242 259c2a5c343-259c2a5c351 1233->1242 1234->1233 1236 259c2a5c09e-259c2a5c18b call 259c2a91bf0 call 259c2a622d0 call 259c2a625a0 1234->1236 1268 259c2a5c192-259c2a5c19a 1236->1268 1248 259c2a5c5df-259c2a5c708 call 259c2a65330 call 259c2a5eda0 call 259c2a65330 call 259c2a5eda0 call 259c2a60fb0 call 259c2accb98 call 259c2a79100 1241->1248 1249 259c2a5c785-259c2a5c79b call 259c2a5e3a0 1241->1249 1246 259c2a5c5d0-259c2a5c5d3 1242->1246 1247 259c2a5c357-259c2a5c35e 1242->1247 1246->1241 1252 259c2a5c5d5 1246->1252 1247->1246 1254 259c2a5c364-259c2a5c458 call 259c2a91bf0 call 259c2a622d0 call 259c2a625a0 1247->1254 1341 259c2a5c70a-259c2a5c70c 1248->1341 1342 259c2a5c714-259c2a5c727 call 259c2a60840 1248->1342 1263 259c2a5bdb0 1249->1263 1264 259c2a5c7a1-259c2a5c7ac 1249->1264 1252->1241 1285 259c2a5c460-259c2a5c467 1254->1285 1256->1256 1261 259c2a5bf1a-259c2a5bf74 call 259c2a65330 call 259c2a63990 call 259c2a60fb0 1256->1261 1291 259c2a5bfa7-259c2a5bfd1 1261->1291 1292 259c2a5bf76-259c2a5bf87 1261->1292 1263->1223 1264->1222 1268->1268 1272 259c2a5c19c-259c2a5c1f5 call 259c2a65330 call 259c2a63990 call 259c2a60fb0 1268->1272 1310 259c2a5c1f7-259c2a5c208 1272->1310 1311 259c2a5c228-259c2a5c252 1272->1311 1285->1285 1289 259c2a5c469-259c2a5c4c2 call 259c2a65330 call 259c2a63990 call 259c2a60fb0 1285->1289 1349 259c2a5c4f5-259c2a5c51e 1289->1349 1350 259c2a5c4c4-259c2a5c4d5 1289->1350 1301 259c2a5c009-259c2a5c02f 1291->1301 1302 259c2a5bfd3-259c2a5bfe7 1291->1302 1297 259c2a5bf89-259c2a5bf9c 1292->1297 1298 259c2a5bfa2 call 259c2accb90 1292->1298 1297->1298 1308 259c2a5c891-259c2a5c896 call 259c2aafc0c 1297->1308 1298->1291 1306 259c2a5c067-259c2a5c080 1301->1306 1307 259c2a5c031-259c2a5c045 1301->1307 1303 259c2a5bfe9-259c2a5bffc 1302->1303 1304 259c2a5c002-259c2a5c007 call 259c2accb90 1302->1304 1303->1304 1313 259c2a5c897-259c2a5c89c call 259c2aafc0c 1303->1313 1304->1301 1306->1231 1319 259c2a5c060-259c2a5c065 call 259c2accb90 1307->1319 1320 259c2a5c047-259c2a5c05a 1307->1320 1308->1313 1321 259c2a5c20a-259c2a5c21d 1310->1321 1322 259c2a5c223 call 259c2accb90 1310->1322 1316 259c2a5c28a-259c2a5c2b0 1311->1316 1317 259c2a5c254-259c2a5c268 1311->1317 1331 259c2a5c89d-259c2a5c8a2 call 259c2aafc0c 1313->1331 1333 259c2a5c2e8-259c2a5c2fa 1316->1333 1334 259c2a5c2b2-259c2a5c2c6 1316->1334 1328 259c2a5c26a-259c2a5c27d 1317->1328 1329 259c2a5c283-259c2a5c288 call 259c2accb90 1317->1329 1319->1306 1320->1319 1320->1331 1321->1322 1336 259c2a5c8a3-259c2a5c8a8 call 259c2aafc0c 1321->1336 1322->1311 1328->1329 1343 259c2a5c8a9-259c2a5c8ae call 259c2aafc0c 1328->1343 1329->1316 1331->1336 1333->1233 1345 259c2a5c2c8-259c2a5c2db 1334->1345 1346 259c2a5c2e1-259c2a5c2e6 call 259c2accb90 1334->1346 1336->1343 1351 259c2a5c83d-259c2a5c88a call 259c2a60a00 call 259c2a64670 call 259c2a64740 call 259c2acf198 1341->1351 1352 259c2a5c712 1341->1352 1363 259c2a5c72b-259c2a5c737 1342->1363 1355 259c2a5c8af-259c2a5c8b4 call 259c2aafc0c 1343->1355 1345->1346 1345->1355 1346->1333 1364 259c2a5c520-259c2a5c534 1349->1364 1365 259c2a5c554-259c2a5c57a 1349->1365 1360 259c2a5c4f0 call 259c2accb90 1350->1360 1361 259c2a5c4d7-259c2a5c4ea 1350->1361 1391 259c2a5c88b-259c2a5c890 call 259c2aafc0c 1351->1391 1352->1363 1369 259c2a5c8b5-259c2a5c8ba call 259c2aafc0c 1355->1369 1360->1349 1361->1360 1361->1369 1374 259c2a5c75e-259c2a5c768 call 259c2a69d50 1363->1374 1375 259c2a5c739-259c2a5c75c 1363->1375 1372 259c2a5c54f call 259c2accb90 1364->1372 1373 259c2a5c536-259c2a5c549 1364->1373 1377 259c2a5c5b0-259c2a5c5c9 1365->1377 1378 259c2a5c57c-259c2a5c590 1365->1378 1372->1365 1373->1372 1380 259c2a5c837-259c2a5c83c call 259c2aafc0c 1373->1380 1382 259c2a5c76d-259c2a5c77e call 259c2a60fb0 1374->1382 1375->1382 1377->1246 1385 259c2a5c5ab call 259c2accb90 1378->1385 1386 259c2a5c592-259c2a5c5a5 1378->1386 1380->1351 1382->1249 1385->1377 1386->1385 1386->1391 1391->1308
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AddressProc$Library$FreeLoad
                                          • String ID: cannot use push_back() with $system$vault
                                          • API String ID: 2449869053-1741236777
                                          • Opcode ID: 9371eb30fe06620e9d8191ef09f09a1ddfa88cba1675d902425f2d26ea30df17
                                          • Instruction ID: e6036827ad5e6dda27e84ad655f74c0a772c6324441e2202853baadd3186908a
                                          • Opcode Fuzzy Hash: 9371eb30fe06620e9d8191ef09f09a1ddfa88cba1675d902425f2d26ea30df17
                                          • Instruction Fuzzy Hash: AD922872205FC4D9DB608F29E8843DE73A5F749B99F104226EA9C5BB99EF74C684C304
                                          Function 00000259C2A96480 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 173synchronizationCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1480 259c2a96480-259c2a964a2 call 259c2a99760 1483 259c2a964a4-259c2a964cd call 259c2a99aa0 call 259c2aa4740 call 259c2a5fb00 ExitProcess 1480->1483 1484 259c2a964ce-259c2a96580 call 259c2aa5970 * 2 call 259c2aa1ff0 call 259c2a96eb0 1480->1484 1483->1484 1499 259c2a96582-259c2a96594 1484->1499 1500 259c2a965b4-259c2a965eb OpenMutexA 1484->1500 1501 259c2a96596-259c2a965a9 1499->1501 1502 259c2a965af call 259c2accb90 1499->1502 1503 259c2a965f9-259c2a96630 CreateMutexA call 259c2a909f0 call 259c2a99be0 1500->1503 1504 259c2a965ed-259c2a965f8 ExitProcess 1500->1504 1501->1502 1506 259c2a96746-259c2a9674b call 259c2aafc0c 1501->1506 1502->1500 1515 259c2a96632-259c2a9663d ExitProcess 1503->1515 1516 259c2a9663e-259c2a966a1 call 259c2aa22f0 call 259c2a5b820 call 259c2a5c8c0 call 259c2a5cf60 call 259c2a5dc90 call 259c2a5acc0 call 259c2a80d70 call 259c2a83a60 call 259c2a51100 call 259c2a59090 call 259c2a57940 call 259c2a970e0 call 259c2a5a1f0 call 259c2a55a90 call 259c2a52e30 call 259c2a55d60 call 259c2a9e9f0 1503->1516 1504->1503 1512 259c2a9674c-259c2a96751 call 259c2aafc0c 1506->1512 1515->1516 1553 259c2a966a6-259c2a966b6 call 259c2a95a80 1516->1553 1557 259c2a966b8-259c2a966c4 ReleaseMutex call 259c2af2138 1553->1557 1558 259c2a966ca-259c2a966d1 1553->1558 1557->1558 1560 259c2a966d3-259c2a966d8 call 259c2a96760 1558->1560 1561 259c2a966d9-259c2a966e5 1558->1561 1560->1561 1563 259c2a96715-259c2a96745 call 259c2accb70 1561->1563 1564 259c2a966e7-259c2a966f9 1561->1564 1567 259c2a966fb-259c2a9670e 1564->1567 1568 259c2a96710 call 259c2accb90 1564->1568 1567->1512 1567->1568 1568->1563
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Process$Exit$MutexOpenToken$CreateCurrentFileInformationInitializeModuleName
                                          • String ID: SeDebugPrivilege$SeImpersonatePrivilege
                                          • API String ID: 470559343-3768118664
                                          • Opcode ID: ee9a05d127fa369541cf39afede76aca2154aefe3429ab8ff2d6008fa31e4eed
                                          • Instruction ID: 443133592ee59c4caf8f6a51209f4d9e71ffabe331d59d5cdbc30421d1c70ecf
                                          • Opcode Fuzzy Hash: ee9a05d127fa369541cf39afede76aca2154aefe3429ab8ff2d6008fa31e4eed
                                          • Instruction Fuzzy Hash: 8B618E61608E80C1EE20BB65AC593AE6355EB8DF83F500513E7CD42BEADF3CC1C58A18
                                          Function 00000259C2AC114C Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 335timeCOMMONLIBRARYCODE
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1571 259c2ac114c-259c2ac1187 call 259c2ac07e8 call 259c2ac07f0 call 259c2ac0858 1578 259c2ac13b1-259c2ac13fd call 259c2aafc3c call 259c2ac07e8 call 259c2ac07f0 call 259c2ac0858 1571->1578 1579 259c2ac118d-259c2ac1198 call 259c2ac07f8 1571->1579 1605 259c2ac1403-259c2ac140e call 259c2ac07f8 1578->1605 1606 259c2ac153b-259c2ac15a9 call 259c2aafc3c call 259c2ac9d94 1578->1606 1579->1578 1585 259c2ac119e-259c2ac11a8 1579->1585 1586 259c2ac11ca-259c2ac11ce 1585->1586 1587 259c2ac11aa-259c2ac11ad 1585->1587 1590 259c2ac11d1-259c2ac11d9 1586->1590 1589 259c2ac11b0-259c2ac11bb 1587->1589 1592 259c2ac11c6-259c2ac11c8 1589->1592 1593 259c2ac11bd-259c2ac11c4 1589->1593 1590->1590 1594 259c2ac11db-259c2ac11ee call 259c2abdedc 1590->1594 1592->1586 1596 259c2ac11f7-259c2ac1205 1592->1596 1593->1589 1593->1592 1601 259c2ac1206-259c2ac1212 call 259c2abb550 1594->1601 1602 259c2ac11f0-259c2ac11f2 call 259c2abb550 1594->1602 1613 259c2ac1219-259c2ac1221 1601->1613 1602->1596 1605->1606 1616 259c2ac1414-259c2ac141f call 259c2ac0828 1605->1616 1625 259c2ac15b7-259c2ac15ba 1606->1625 1626 259c2ac15ab-259c2ac15b2 1606->1626 1613->1613 1614 259c2ac1223-259c2ac1234 call 259c2ac62e8 1613->1614 1614->1578 1624 259c2ac123a-259c2ac1290 call 259c2adf960 * 4 call 259c2ac1068 1614->1624 1616->1606 1623 259c2ac1425-259c2ac1448 call 259c2abb550 GetTimeZoneInformation 1616->1623 1639 259c2ac144e-259c2ac146f 1623->1639 1640 259c2ac1510-259c2ac153a call 259c2ac07e0 call 259c2ac07d0 call 259c2ac07d8 1623->1640 1683 259c2ac1292-259c2ac1296 1624->1683 1630 259c2ac15f1-259c2ac1604 call 259c2abdedc 1625->1630 1631 259c2ac15bc 1625->1631 1629 259c2ac1647-259c2ac164a 1626->1629 1635 259c2ac15bf 1629->1635 1636 259c2ac1650-259c2ac1658 call 259c2ac114c 1629->1636 1649 259c2ac1606 1630->1649 1650 259c2ac160f-259c2ac162a call 259c2ac9d94 1630->1650 1631->1635 1637 259c2ac15c4-259c2ac15f0 call 259c2abb550 call 259c2accb70 1635->1637 1638 259c2ac15bf call 259c2ac13c8 1635->1638 1636->1637 1638->1637 1644 259c2ac1471-259c2ac1477 1639->1644 1645 259c2ac147a-259c2ac1481 1639->1645 1644->1645 1652 259c2ac1495 1645->1652 1653 259c2ac1483-259c2ac148b 1645->1653 1657 259c2ac1608-259c2ac160d call 259c2abb550 1649->1657 1666 259c2ac1631-259c2ac1643 call 259c2abb550 1650->1666 1667 259c2ac162c-259c2ac162f 1650->1667 1662 259c2ac1497-259c2ac150b call 259c2adf960 * 4 call 259c2ac4cb4 call 259c2ac1660 * 2 1652->1662 1653->1652 1659 259c2ac148d-259c2ac1493 1653->1659 1657->1631 1659->1662 1662->1640 1666->1629 1667->1657 1686 259c2ac1298 1683->1686 1687 259c2ac129c-259c2ac12a0 1683->1687 1686->1687 1687->1683 1689 259c2ac12a2-259c2ac12c7 call 259c2ab3f10 1687->1689 1695 259c2ac12ca-259c2ac12ce 1689->1695 1697 259c2ac12dd-259c2ac12e1 1695->1697 1698 259c2ac12d0-259c2ac12db 1695->1698 1697->1695 1698->1697 1700 259c2ac12e3-259c2ac12e7 1698->1700 1702 259c2ac1368-259c2ac136c 1700->1702 1703 259c2ac12e9-259c2ac1311 call 259c2ab3f10 1700->1703 1704 259c2ac1373-259c2ac1380 1702->1704 1705 259c2ac136e-259c2ac1370 1702->1705 1711 259c2ac1313 1703->1711 1712 259c2ac132f-259c2ac1333 1703->1712 1707 259c2ac1382-259c2ac1398 call 259c2ac1068 1704->1707 1708 259c2ac139b-259c2ac13aa call 259c2ac07e0 call 259c2ac07d0 1704->1708 1705->1704 1707->1708 1708->1578 1715 259c2ac1316-259c2ac131d 1711->1715 1712->1702 1717 259c2ac1335-259c2ac1353 call 259c2ab3f10 1712->1717 1715->1712 1719 259c2ac131f-259c2ac132d 1715->1719 1723 259c2ac135f-259c2ac1366 1717->1723 1719->1712 1719->1715 1723->1702 1724 259c2ac1355-259c2ac1359 1723->1724 1724->1702 1725 259c2ac135b 1724->1725 1725->1723
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: _get_daylight$_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                          • String ID: Eastern Standard Time$Eastern Summer Time
                                          • API String ID: 355007559-239921721
                                          • Opcode ID: 81739166be4aa7f83f73f8b5c4c772bb7cbf832f5b2b22088efdd0610fe74ccd
                                          • Instruction ID: e8c8f4cf5da02947f0310d4840b86f36ac9b60bc7e30894fc83f515842d6b8f3
                                          • Opcode Fuzzy Hash: 81739166be4aa7f83f73f8b5c4c772bb7cbf832f5b2b22088efdd0610fe74ccd
                                          • Instruction Fuzzy Hash: 77D1BE36700A40C5EF20EF3ADC587A967A9E74DF87F448127EA9947BC5DA3AC4C18748
                                          Function 00000259C2A9F200 Relevance: 13.9, APIs: 9, Instructions: 408networkfileCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1726 259c2a9f200-259c2a9f39e 1727 259c2a9f3a0-259c2a9f3a7 1726->1727 1727->1727 1728 259c2a9f3a9-259c2a9f3dc call 259c2a65330 InternetOpenA 1727->1728 1731 259c2a9f3e2-259c2a9f3f8 1728->1731 1732 259c2a9f475-259c2a9f48c 1728->1732 1735 259c2a9f400-259c2a9f408 1731->1735 1733 259c2a9f491-259c2a9f4b8 InternetOpenUrlA 1732->1733 1734 259c2a9f48e 1732->1734 1736 259c2a9f4e9-259c2a9f514 HttpQueryInfoW 1733->1736 1737 259c2a9f4ba-259c2a9f4e4 1733->1737 1734->1733 1738 259c2a9f43b-259c2a9f474 call 259c2accb70 1735->1738 1739 259c2a9f40a-259c2a9f41b 1735->1739 1743 259c2a9f516-259c2a9f54a 1736->1743 1744 259c2a9f54f-259c2a9f5aa HttpQueryInfoW 1736->1744 1737->1735 1740 259c2a9f436 call 259c2accb90 1739->1740 1741 259c2a9f41d-259c2a9f430 1739->1741 1740->1738 1741->1740 1745 259c2a9f875-259c2a9f87a call 259c2aafc0c 1741->1745 1743->1744 1747 259c2a9f5d8-259c2a9f5ee InternetQueryDataAvailable 1744->1747 1748 259c2a9f5ac-259c2a9f5c2 call 259c2ab3f10 1744->1748 1762 259c2a9f87b-259c2a9f880 call 259c2a4b7b0 1745->1762 1753 259c2a9f7d3-259c2a9f826 InternetCloseHandle 1747->1753 1754 259c2a9f5f4-259c2a9f5f9 1747->1754 1748->1747 1761 259c2a9f5c4-259c2a9f5d3 call 259c2a651e0 1748->1761 1760 259c2a9f82f-259c2a9f838 1753->1760 1758 259c2a9f600-259c2a9f606 1754->1758 1758->1753 1763 259c2a9f60c-259c2a9f626 1758->1763 1760->1738 1764 259c2a9f83e-259c2a9f84f 1760->1764 1761->1747 1767 259c2a9f628-259c2a9f62e 1763->1767 1768 259c2a9f699-259c2a9f6b1 InternetReadFile 1763->1768 1764->1740 1769 259c2a9f855-259c2a9f868 1764->1769 1774 259c2a9f65c-259c2a9f65f call 259c2accb98 1767->1774 1775 259c2a9f630-259c2a9f637 1767->1775 1771 259c2a9f6b7-259c2a9f6bc 1768->1771 1772 259c2a9f78d-259c2a9f794 1768->1772 1769->1745 1778 259c2a9f86a 1769->1778 1771->1772 1779 259c2a9f6c2-259c2a9f6cd 1771->1779 1772->1753 1780 259c2a9f796-259c2a9f7a7 1772->1780 1782 259c2a9f664-259c2a9f694 call 259c2adf960 1774->1782 1775->1762 1776 259c2a9f63d-259c2a9f648 call 259c2accb98 1775->1776 1791 259c2a9f86f-259c2a9f874 call 259c2aafc0c 1776->1791 1795 259c2a9f64e-259c2a9f65a 1776->1795 1778->1740 1783 259c2a9f6ff-259c2a9f719 call 259c2a65cb0 1779->1783 1784 259c2a9f6cf-259c2a9f6fd call 259c2adf2c0 1779->1784 1785 259c2a9f7c2-259c2a9f7cf call 259c2accb90 1780->1785 1786 259c2a9f7a9-259c2a9f7bc 1780->1786 1782->1768 1799 259c2a9f71a-259c2a9f721 1783->1799 1784->1799 1785->1753 1786->1785 1786->1791 1791->1745 1795->1782 1801 259c2a9f723-259c2a9f734 1799->1801 1802 259c2a9f764 1799->1802 1803 259c2a9f736-259c2a9f749 1801->1803 1804 259c2a9f74f-259c2a9f762 call 259c2accb90 1801->1804 1805 259c2a9f766-259c2a9f77c InternetQueryDataAvailable 1802->1805 1803->1791 1803->1804 1804->1805 1805->1753 1807 259c2a9f77e-259c2a9f788 1805->1807 1807->1758
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Internet$Query$AvailableDataHttpInfoOpen$CloseConcurrency::cancel_current_taskFileHandleRead
                                          • String ID:
                                          • API String ID: 1475545111-0
                                          • Opcode ID: 959a8b8c722fd78e25b7c72defa744749a8e1a74bc870614e379c2a583aa0042
                                          • Instruction ID: 214926e85e3893e47686013cfcd2da14fd0858fefa1c1ec47e708f2ce41d21be
                                          • Opcode Fuzzy Hash: 959a8b8c722fd78e25b7c72defa744749a8e1a74bc870614e379c2a583aa0042
                                          • Instruction Fuzzy Hash: 0A026C32A18F94C5EB10DB6AE84435E77B5F789B99F204216EED857BA8DF39C081C704
                                          Function 00000259C2ADE968 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1809 259c2ade968-259c2ade9db call 259c2ade54c 1812 259c2ade9f5-259c2ade9ff call 259c2ac397c 1809->1812 1813 259c2ade9dd-259c2ade9e6 call 259c2ab40ac 1809->1813 1819 259c2adea01-259c2adea18 call 259c2ab40ac call 259c2ab40cc 1812->1819 1820 259c2adea1a-259c2adea83 CreateFileW 1812->1820 1818 259c2ade9e9-259c2ade9f0 call 259c2ab40cc 1813->1818 1835 259c2aded36-259c2aded56 1818->1835 1819->1818 1821 259c2adea85-259c2adea8b 1820->1821 1822 259c2adeb00-259c2adeb0b GetFileType 1820->1822 1825 259c2adeacd-259c2adeafb call 259c2af2160 call 259c2ab4040 1821->1825 1826 259c2adea8d-259c2adea91 1821->1826 1828 259c2adeb0d-259c2adeb48 call 259c2af2160 call 259c2ab4040 call 259c2af2138 1822->1828 1829 259c2adeb5e-259c2adeb65 1822->1829 1825->1818 1826->1825 1831 259c2adea93-259c2adeacb CreateFileW 1826->1831 1828->1818 1855 259c2adeb4e-259c2adeb59 call 259c2ab40cc 1828->1855 1833 259c2adeb67-259c2adeb6b 1829->1833 1834 259c2adeb6d-259c2adeb70 1829->1834 1831->1822 1831->1825 1839 259c2adeb76-259c2adebcb call 259c2ac3894 1833->1839 1834->1839 1840 259c2adeb72 1834->1840 1849 259c2adebcd-259c2adebd9 call 259c2ade754 1839->1849 1850 259c2adebea-259c2adec1b call 259c2ade2cc 1839->1850 1840->1839 1849->1850 1861 259c2adebdb 1849->1861 1859 259c2adec21-259c2adec63 1850->1859 1860 259c2adec1d-259c2adec1f 1850->1860 1855->1818 1864 259c2adec85-259c2adec90 1859->1864 1865 259c2adec65-259c2adec69 1859->1865 1863 259c2adebdd-259c2adebe5 call 259c2abb6c8 1860->1863 1861->1863 1863->1835 1868 259c2adec96-259c2adec9a 1864->1868 1869 259c2aded34 1864->1869 1865->1864 1867 259c2adec6b-259c2adec80 1865->1867 1867->1864 1868->1869 1871 259c2adeca0-259c2adece5 call 259c2af2138 CreateFileW 1868->1871 1869->1835 1874 259c2adece7-259c2aded15 call 259c2af2160 call 259c2ab4040 call 259c2ac3abc 1871->1874 1875 259c2aded1a-259c2aded2f 1871->1875 1874->1875 1875->1869
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                          • String ID:
                                          • API String ID: 1617910340-0
                                          • Opcode ID: 484b9744f6cc28d441a3ba22cd2a9bb849a09fc1e06d845b9773f87c4c6ec638
                                          • Instruction ID: 625da82a03355fba81bd5af2f2c45010e918825c4e2e5f1884b3dc04ce842eec
                                          • Opcode Fuzzy Hash: 484b9744f6cc28d441a3ba22cd2a9bb849a09fc1e06d845b9773f87c4c6ec638
                                          • Instruction Fuzzy Hash: DDC18C36721F40C5EF10CFA9C9956AC3761E349FAAF015216DBAA9B7D4CB38C496C304
                                          Function 00000259C2A98F60 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 451fileCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1907 259c2a98f60-259c2a98fe5 call 259c2a4e9a0 1910 259c2a98ff1-259c2a98ff4 1907->1910 1911 259c2a98fe7-259c2a98fe9 1907->1911 1914 259c2a98ff6-259c2a99002 1910->1914 1915 259c2a99007-259c2a99020 call 259c2adf960 1910->1915 1912 259c2a99700-259c2a99716 call 259c2a4e0f0 1911->1912 1913 259c2a98fef 1911->1913 1924 259c2a99717-259c2a9971c call 259c2aafc0c 1912->1924 1913->1914 1916 259c2a9967f-259c2a996ab call 259c2accb70 1914->1916 1922 259c2a99022 1915->1922 1923 259c2a99025-259c2a9908b call 259c2aa91d0 1915->1923 1922->1923 1930 259c2a99091-259c2a99099 1923->1930 1931 259c2a99485-259c2a994bf call 259c2a74da0 call 259c2a74cc0 1923->1931 1932 259c2a9971d-259c2a99751 call 259c2a4ba80 call 259c2a4cc70 call 259c2acf198 1924->1932 1935 259c2a9909b 1930->1935 1936 259c2a9909e call 259c2aa3b30 1930->1936 1948 259c2a994c1-259c2a994d2 call 259c2a651e0 1931->1948 1949 259c2a994de-259c2a9956c call 259c2a74da0 call 259c2aa76a0 1931->1949 1935->1936 1942 259c2a990a3-259c2a990c1 call 259c2aa3cf0 1936->1942 1950 259c2a990c7-259c2a990dd 1942->1950 1951 259c2a9919c-259c2a991b6 GetFileSize 1942->1951 1960 259c2a994d7 1948->1960 1949->1932 1975 259c2a99572-259c2a99576 call 259c2a72080 1949->1975 1956 259c2a99113-259c2a99197 call 259c2a719c0 1950->1956 1957 259c2a990df-259c2a990f3 1950->1957 1958 259c2a991b8-259c2a991db 1951->1958 1959 259c2a991dd-259c2a991f3 1951->1959 1976 259c2a9966b-259c2a9967a call 259c2adac3c 1956->1976 1962 259c2a990f5-259c2a99108 1957->1962 1963 259c2a9910e call 259c2accb90 1957->1963 1965 259c2a99242-259c2a9928b SetFilePointer ReadFile 1958->1965 1966 259c2a99225-259c2a9923d call 259c2a65b00 1959->1966 1967 259c2a991f5-259c2a99223 call 259c2adf960 1959->1967 1960->1949 1962->1924 1962->1963 1963->1956 1970 259c2a993a2-259c2a993c6 1965->1970 1971 259c2a99291-259c2a992e3 1965->1971 1966->1965 1967->1965 1985 259c2a993c8-259c2a993dc 1970->1985 1986 259c2a993fc-259c2a99480 call 259c2a719c0 1970->1986 1983 259c2a992e5-259c2a992f9 1971->1983 1984 259c2a99319-259c2a9939d call 259c2a719c0 1971->1984 1982 259c2a9957b-259c2a9957e 1975->1982 1976->1916 1990 259c2a995ad-259c2a99667 call 259c2a719c0 1982->1990 1991 259c2a99580-259c2a995a7 1982->1991 1992 259c2a99314 call 259c2accb90 1983->1992 1993 259c2a992fb-259c2a9930e 1983->1993 1984->1976 1987 259c2a993f7 call 259c2accb90 1985->1987 1988 259c2a993de-259c2a993f1 1985->1988 1986->1976 1987->1986 1988->1924 1988->1987 1990->1976 1991->1990 1997 259c2a996ac-259c2a996af 1991->1997 1992->1984 1993->1924 1993->1992 2001 259c2a996b1-259c2a996b8 1997->2001 2002 259c2a996ba-259c2a996cb 1997->2002 2004 259c2a996cf-259c2a996ff call 259c2a4ba80 call 259c2a4cc70 call 259c2acf198 2001->2004 2002->2004 2004->1912
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: File$PointerReadSize
                                          • String ID: exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                          • API String ID: 404940565-15404121
                                          • Opcode ID: 130f996bef3d173b626716d9372166bbf675c5929c0e46e11e63a7f840eda3ca
                                          • Instruction ID: b6809d637f405f921fc6f49bb02619f0f0fba804eb2b28c24796e3763139ad8e
                                          • Opcode Fuzzy Hash: 130f996bef3d173b626716d9372166bbf675c5929c0e46e11e63a7f840eda3ca
                                          • Instruction Fuzzy Hash: A3323332214BC5D9EB20CF29DC843DD37A5F789B4AF508226DA8D47B99EB74C685C708
                                          Function 00000259C2AC13C8 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143timeCOMMONLIBRARYCODE
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2129 259c2ac13c8-259c2ac13fd call 259c2ac07e8 call 259c2ac07f0 call 259c2ac0858 2136 259c2ac1403-259c2ac140e call 259c2ac07f8 2129->2136 2137 259c2ac153b-259c2ac15a9 call 259c2aafc3c call 259c2ac9d94 2129->2137 2136->2137 2143 259c2ac1414-259c2ac141f call 259c2ac0828 2136->2143 2149 259c2ac15b7-259c2ac15ba 2137->2149 2150 259c2ac15ab-259c2ac15b2 2137->2150 2143->2137 2148 259c2ac1425-259c2ac1448 call 259c2abb550 GetTimeZoneInformation 2143->2148 2161 259c2ac144e-259c2ac146f 2148->2161 2162 259c2ac1510-259c2ac153a call 259c2ac07e0 call 259c2ac07d0 call 259c2ac07d8 2148->2162 2153 259c2ac15f1-259c2ac1604 call 259c2abdedc 2149->2153 2154 259c2ac15bc 2149->2154 2152 259c2ac1647-259c2ac164a 2150->2152 2157 259c2ac15bf 2152->2157 2158 259c2ac1650-259c2ac1658 call 259c2ac114c 2152->2158 2169 259c2ac1606 2153->2169 2170 259c2ac160f-259c2ac162a call 259c2ac9d94 2153->2170 2154->2157 2159 259c2ac15c4-259c2ac15f0 call 259c2abb550 call 259c2accb70 2157->2159 2160 259c2ac15bf call 259c2ac13c8 2157->2160 2158->2159 2160->2159 2165 259c2ac1471-259c2ac1477 2161->2165 2166 259c2ac147a-259c2ac1481 2161->2166 2165->2166 2172 259c2ac1495 2166->2172 2173 259c2ac1483-259c2ac148b 2166->2173 2176 259c2ac1608-259c2ac160d call 259c2abb550 2169->2176 2184 259c2ac1631-259c2ac1643 call 259c2abb550 2170->2184 2185 259c2ac162c-259c2ac162f 2170->2185 2180 259c2ac1497-259c2ac150b call 259c2adf960 * 4 call 259c2ac4cb4 call 259c2ac1660 * 2 2172->2180 2173->2172 2178 259c2ac148d-259c2ac1493 2173->2178 2176->2154 2178->2180 2180->2162 2184->2152 2185->2176
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                          • String ID: Eastern Standard Time$Eastern Summer Time
                                          • API String ID: 3458911817-239921721
                                          • Opcode ID: 8c7917a29c397fa3200ed5a7405142a85cef7c6524de68c4b18d81a385570565
                                          • Instruction ID: 7af32c79fe87427cc43e4171c292a9552f4e0dc2b2e7a9a6b2417e3aa4da8214
                                          • Opcode Fuzzy Hash: 8c7917a29c397fa3200ed5a7405142a85cef7c6524de68c4b18d81a385570565
                                          • Instruction Fuzzy Hash: 62515A32700A44C6EB10EF36EC897996768F74DF87F444127AA9987BD6DB39C4818B48
                                          Function 00000259C2AB749C Relevance: 9.2, APIs: 6, Instructions: 227COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2206 259c2ab749c-259c2ab74b0 2207 259c2ab74b2-259c2ab74be call 259c2ab40cc call 259c2aafbec 2206->2207 2208 259c2ab74cd-259c2ab74e4 2206->2208 2218 259c2ab74c3 2207->2218 2208->2207 2210 259c2ab74e6-259c2ab74ea 2208->2210 2212 259c2ab74ec-259c2ab74f8 call 259c2ab40cc 2210->2212 2213 259c2ab74fa-259c2ab7507 2210->2213 2212->2218 2213->2212 2214 259c2ab7509 call 259c2ac16e0 2213->2214 2220 259c2ab750e-259c2ab7525 call 259c2ac07f8 2214->2220 2221 259c2ab74c5-259c2ab74cc 2218->2221 2224 259c2ab7783-259c2ab779b call 259c2aafc3c 2220->2224 2225 259c2ab752b-259c2ab7536 call 259c2ac0828 2220->2225 2225->2224 2230 259c2ab753c-259c2ab7547 call 259c2ac0858 2225->2230 2230->2224 2233 259c2ab754d-259c2ab7564 2230->2233 2234 259c2ab75c6-259c2ab75d3 call 259c2ac0b6c 2233->2234 2235 259c2ab7566-259c2ab757f call 259c2ac0b6c 2233->2235 2234->2221 2241 259c2ab75d9-259c2ab75df 2234->2241 2235->2221 2240 259c2ab7585-259c2ab7588 2235->2240 2242 259c2ab777c-259c2ab777e 2240->2242 2243 259c2ab758e-259c2ab7598 call 259c2ac1724 2240->2243 2244 259c2ab75e1-259c2ab75eb call 259c2ac1724 2241->2244 2245 259c2ab75fe 2241->2245 2242->2221 2243->2242 2255 259c2ab759e-259c2ab75b4 call 259c2ac0b6c 2243->2255 2244->2245 2256 259c2ab75ed-259c2ab75fc 2244->2256 2246 259c2ab7602-259c2ab762f 2245->2246 2249 259c2ab7631-259c2ab7638 2246->2249 2250 259c2ab763a-259c2ab767b 2246->2250 2249->2250 2253 259c2ab7687-259c2ab76d2 2250->2253 2254 259c2ab767d-259c2ab7684 2250->2254 2258 259c2ab76d4-259c2ab76db 2253->2258 2259 259c2ab76de-259c2ab76f8 2253->2259 2254->2253 2255->2221 2263 259c2ab75ba-259c2ab75c1 2255->2263 2256->2246 2258->2259 2261 259c2ab7725 2259->2261 2262 259c2ab76fa-259c2ab7723 2259->2262 2261->2242 2264 259c2ab7727-259c2ab775c 2261->2264 2262->2242 2263->2242 2265 259c2ab7779 2264->2265 2266 259c2ab775e-259c2ab7777 2264->2266 2265->2242 2266->2242
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
                                          • String ID:
                                          • API String ID: 1405656091-0
                                          • Opcode ID: 842d06e59cb7d0c874962108e89d6781c57040cb1ba9c53ec58eb2fa30030a5a
                                          • Instruction ID: 9e36d57b1347b4303a0f27bc8dc1b46a89f70798c30156fcb74d92efce878d06
                                          • Opcode Fuzzy Hash: 842d06e59cb7d0c874962108e89d6781c57040cb1ba9c53ec58eb2fa30030a5a
                                          • Instruction Fuzzy Hash: ED81C8B3700645CBEF588F39CD053A837A5E75CB8BF049126DA498ABC9EB78D581C744
                                          Function 00000259C2AA8B70 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 410COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2267 259c2aa8b70-259c2aa8bb5 2268 259c2aa8e81-259c2aa8ebb call 259c2aac4d0 call 259c2aa9610 2267->2268 2269 259c2aa8bbb-259c2aa8be5 call 259c2adf960 2267->2269 2278 259c2aa8ec0-259c2aa8ec6 2268->2278 2275 259c2aa8bf4-259c2aa8c2d call 259c2a84f50 call 259c2aab600 call 259c2aa9610 2269->2275 2276 259c2aa8be7-259c2aa8bf0 2269->2276 2305 259c2aa8c33-259c2aa8cb8 call 259c2a65330 call 259c2a850b0 call 259c2a88950 call 259c2a85630 2275->2305 2306 259c2aa8dc4-259c2aa8dcb 2275->2306 2276->2275 2281 259c2aa9057-259c2aa905b 2278->2281 2282 259c2aa8ecc-259c2aa8f4b call 259c2a65330 call 259c2a850b0 call 259c2a88950 call 259c2a85630 2278->2282 2284 259c2aa9061-259c2aa90be call 259c2a60840 call 259c2a60fb0 2281->2284 2285 259c2aa9129-259c2aa9130 2281->2285 2330 259c2aa8f51-259c2aa8f59 2282->2330 2331 259c2aa919b-259c2aa91b7 call 259c2a84110 call 259c2acf198 2282->2331 2288 259c2aa90fd-259c2aa9128 call 259c2accb70 2284->2288 2314 259c2aa90c0-259c2aa90d5 2284->2314 2287 259c2aa9132-259c2aa9147 2285->2287 2285->2288 2293 259c2aa90ec-259c2aa90f8 call 259c2accb90 2287->2293 2294 259c2aa9149-259c2aa915c 2287->2294 2293->2288 2299 259c2aa9166-259c2aa916b call 259c2aafc0c 2294->2299 2300 259c2aa915e 2294->2300 2322 259c2aa916c-259c2aa9188 call 259c2a84110 call 259c2acf198 2299->2322 2300->2293 2305->2322 2361 259c2aa8cbe-259c2aa8cc6 2305->2361 2311 259c2aa8e15-259c2aa8e18 2306->2311 2312 259c2aa8dcd-259c2aa8e13 call 259c2a60840 2306->2312 2318 259c2aa8e1a-259c2aa8e5b call 259c2a60840 2311->2318 2319 259c2aa8e70-259c2aa8e7c call 259c2a84d70 2311->2319 2333 259c2aa8e60-259c2aa8e6f call 259c2a60fb0 2312->2333 2314->2293 2321 259c2aa90d7-259c2aa90ea 2314->2321 2318->2333 2319->2288 2321->2293 2321->2299 2350 259c2aa9189-259c2aa918e call 259c2aafc0c 2322->2350 2338 259c2aa8f5b-259c2aa8f6c 2330->2338 2339 259c2aa8f8c-259c2aa8fd1 call 259c2aceae0 * 2 2330->2339 2351 259c2aa91b8-259c2aa91bd call 259c2aafc0c 2331->2351 2333->2319 2344 259c2aa8f87 call 259c2accb90 2338->2344 2345 259c2aa8f6e-259c2aa8f81 2338->2345 2369 259c2aa8fd3-259c2aa8fe5 2339->2369 2370 259c2aa9005-259c2aa9018 2339->2370 2344->2339 2345->2344 2345->2351 2368 259c2aa918f-259c2aa9194 call 259c2aafc0c 2350->2368 2367 259c2aa91be-259c2aa91c3 call 259c2aafc0c 2351->2367 2365 259c2aa8cc8-259c2aa8cda 2361->2365 2366 259c2aa8cfa-259c2aa8d40 call 259c2aceae0 * 2 2361->2366 2373 259c2aa8cf5 call 259c2accb90 2365->2373 2374 259c2aa8cdc-259c2aa8cef 2365->2374 2396 259c2aa8d73-259c2aa8d85 2366->2396 2397 259c2aa8d42-259c2aa8d53 2366->2397 2389 259c2aa9195-259c2aa919a call 259c2aafc0c 2368->2389 2378 259c2aa8fe7-259c2aa8ffa 2369->2378 2379 259c2aa9000 call 259c2accb90 2369->2379 2371 259c2aa904c-259c2aa9052 2370->2371 2372 259c2aa901a-259c2aa902c 2370->2372 2371->2281 2380 259c2aa9047 call 259c2accb90 2372->2380 2381 259c2aa902e-259c2aa9041 2372->2381 2373->2366 2374->2350 2374->2373 2378->2367 2378->2379 2379->2370 2380->2371 2381->2380 2387 259c2aa9160-259c2aa9165 call 259c2aafc0c 2381->2387 2387->2299 2389->2331 2398 259c2aa8d87-259c2aa8d99 2396->2398 2399 259c2aa8db9-259c2aa8dbf 2396->2399 2400 259c2aa8d55-259c2aa8d68 2397->2400 2401 259c2aa8d6e call 259c2accb90 2397->2401 2402 259c2aa8db4 call 259c2accb90 2398->2402 2403 259c2aa8d9b-259c2aa8dae 2398->2403 2399->2306 2400->2368 2400->2401 2401->2396 2402->2399 2403->2389 2403->2402
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: __std_exception_destroy
                                          • String ID: value
                                          • API String ID: 2453523683-494360628
                                          • Opcode ID: 850281e08b541cdb5390706529d716b470d4b8d1bed4819e1008a8dbaf93e1ed
                                          • Instruction ID: b7e3c79df9200df1d5151dee95ce696a8013fa84ab2c7100f93ef045ef3811e1
                                          • Opcode Fuzzy Hash: 850281e08b541cdb5390706529d716b470d4b8d1bed4819e1008a8dbaf93e1ed
                                          • Instruction Fuzzy Hash: 04026C22A14FC0C9EF40CB75D8883AD6761EB99BA6F505212FADD42BDADB78C1C5C704
                                          Function 00000259C2A5C8C0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 328processCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                          • String ID: [PID:
                                          • API String ID: 420147892-2210602247
                                          • Opcode ID: ae7c4dced35d93affd00a503f79e7c8bcef263ef5bfb0f1a16b693553bd8a15c
                                          • Instruction ID: 7eed6e04d53086e400eeb6c8fe61fd56cc59a28a594c4e64169235c111692e8b
                                          • Opcode Fuzzy Hash: ae7c4dced35d93affd00a503f79e7c8bcef263ef5bfb0f1a16b693553bd8a15c
                                          • Instruction Fuzzy Hash: 9EE18E72614FC095EB20CB25E88439E77A5F789BAAF504216EA9D07BD9DF38C285C704
                                          Function 00000259C2AA5970 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                          • String ID:
                                          • API String ID: 3038321057-0
                                          • Opcode ID: 29a02e95aae9899e0029659e102052f54fff5397b51cb33b914b83ea41570e5f
                                          • Instruction ID: 06f121b2238c35e5ce0d782bb772f0821265cd9c918c5716852822179cf133e0
                                          • Opcode Fuzzy Hash: 29a02e95aae9899e0029659e102052f54fff5397b51cb33b914b83ea41570e5f
                                          • Instruction Fuzzy Hash: 12215E32218F80C6EB50CB51F84834AB3A4F78CB92F558126EACA43B58DF7CC5858B04
                                          Function 00000259C2A81340 Relevance: 6.8, Strings: 5, Instructions: 599COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: cannot use push_back() with $directory_iterator::directory_iterator$exists$prefs.js$status
                                          • API String ID: 0-2713369562
                                          • Opcode ID: 4f4f14dd75114081a346586ea709c78d277ac964eca45cf718d416b8a6a0c1ea
                                          • Instruction ID: 7f8f20073772461b748c8e6df1a7a7cd1ccca04903dd4c0e56162db3d7173b57
                                          • Opcode Fuzzy Hash: 4f4f14dd75114081a346586ea709c78d277ac964eca45cf718d416b8a6a0c1ea
                                          • Instruction Fuzzy Hash: 36521932509FC4C5EAB19B15E8853DAB3A4F7CDB86F505226DACC42B99EF78C194CB04
                                          Function 00000259C2A9E9F0 Relevance: 6.4, APIs: 4, Instructions: 417networkCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: recv$Cleanupclosesocket
                                          • String ID:
                                          • API String ID: 146070474-0
                                          • Opcode ID: 6f4091cd486aafdfe5a78df46b912ecd752a41b095143445b23a4eef97a08e8e
                                          • Instruction ID: 064e5c7323a3a9fd9465fe187b40cae57111746a996529b5131c40c4933ac528
                                          • Opcode Fuzzy Hash: 6f4091cd486aafdfe5a78df46b912ecd752a41b095143445b23a4eef97a08e8e
                                          • Instruction Fuzzy Hash: 03125B72618FC0C1EE209B15E8583DAA761E78DB92F504213EAED46BDADF79C4C5CB04
                                          Function 00000259C2A5ACC0 Relevance: 5.9, APIs: 2, Strings: 1, Instructions: 671COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Cred$EnumerateFree
                                          • String ID: cannot use push_back() with
                                          • API String ID: 3403564193-4122110429
                                          • Opcode ID: c36819fedae0510b011262ae9609d54af2ded0009ad2dbf1c32083310b9cb21a
                                          • Instruction ID: b4dff9bee1312a6af73542cdc38351464455ddf916ece1f6b790e82bca8dc495
                                          • Opcode Fuzzy Hash: c36819fedae0510b011262ae9609d54af2ded0009ad2dbf1c32083310b9cb21a
                                          • Instruction Fuzzy Hash: 89623972614FC4C9EB208F65E8843DD77A1F789B9AF504216EAAD17BD9DB38C284C704
                                          Function 00000259C2AAC55A Relevance: 5.6, Strings: 4, Instructions: 566COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: array$object$object key$object separator
                                          • API String ID: 0-2277530871
                                          • Opcode ID: 67436389a04c99e8054f3e0aa3fffa1fd3ae553f7ec7f9764ff34f684751c61b
                                          • Instruction ID: e20572a767bc54df5a0c01bac17380d551af63b63fdb75cdfcea76bae19c428a
                                          • Opcode Fuzzy Hash: 67436389a04c99e8054f3e0aa3fffa1fd3ae553f7ec7f9764ff34f684751c61b
                                          • Instruction Fuzzy Hash: C742A062614F84D6EF10DB34C8583ED2361FB9AB86F902613EA8957BDADF74C284C744
                                          Function 00000259C2A91EA0 Relevance: 3.1, APIs: 2, Instructions: 86encryptionCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CryptDataFreeLocalUnprotect
                                          • String ID:
                                          • API String ID: 1561624719-0
                                          • Opcode ID: 534917215b691bdf8008ca3940d01222a19eb5e5d5bf9c8332b99172fc4e0cb2
                                          • Instruction ID: aa57932dc851f70d18f7a4d4d525274f08148fc130bed25707ec4d5fb3915c2d
                                          • Opcode Fuzzy Hash: 534917215b691bdf8008ca3940d01222a19eb5e5d5bf9c8332b99172fc4e0cb2
                                          • Instruction Fuzzy Hash: 4E415B33614B80CAFB209F75D8443DD37A4F759B8DF44422AEB8806E8ADB79C5A4C348
                                          Function 00000259C2AA13B0 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: DriveLogicalStrings
                                          • String ID:
                                          • API String ID: 2022863570-0
                                          • Opcode ID: 05563d9c9f8d9765ab942f76f343afa8ceddb3167ad04ffcdfa04968ca2d4d44
                                          • Instruction ID: c6ed5ffaec5603a1005c860aeb4ce8451a863182a9f6ec06d797f2f4051488d1
                                          • Opcode Fuzzy Hash: 05563d9c9f8d9765ab942f76f343afa8ceddb3167ad04ffcdfa04968ca2d4d44
                                          • Instruction Fuzzy Hash: 3C418132A18F80C2E710CF25E88439EB774F799B84F145216EAC823B69DB78D5D1DB44
                                          Function 00000259C2AA0110 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: NameUser
                                          • String ID:
                                          • API String ID: 2645101109-0
                                          • Opcode ID: 5706546f313706de72a237bf98d2ae5729b4666c4094d2ca0903643dc08702f3
                                          • Instruction ID: 652e5634dd104d2ba225dc55b5c019424ac63e86fa6d35de26f6861c575a85aa
                                          • Opcode Fuzzy Hash: 5706546f313706de72a237bf98d2ae5729b4666c4094d2ca0903643dc08702f3
                                          • Instruction Fuzzy Hash: CC016132218B80C2EB21DF25E85539AB3A5F79CB89F440112EACD42799DFBCC6D4CB44
                                          Function 00000259C2AA0820 Relevance: 1.5, Strings: 1, Instructions: 268COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: cores
                                          • API String ID: 0-2370456839
                                          • Opcode ID: 4fc0d753065259fec565b281c6730a4adfab5fad9c1ffe782f646639cec6a140
                                          • Instruction ID: 5b66983b957133625ddb279f889dc33e18564247908f6474562d0f49ab770ca7
                                          • Opcode Fuzzy Hash: 4fc0d753065259fec565b281c6730a4adfab5fad9c1ffe782f646639cec6a140
                                          • Instruction Fuzzy Hash: 78C1FD63E04B80CAEB10CF79D8043AD7761E79DBA9F105316EA9812BDADB78C2C5C744
                                          Function 00000259C2AA70B0 Relevance: 1.5, Strings: 1, Instructions: 212COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: \u%04x
                                          • API String ID: 0-2916071157
                                          • Opcode ID: 06a80ac53363f504e8d291dc153b6a47b21947aca11156197ff4547b1ef6832f
                                          • Instruction ID: c4170b1f63889b13446aa0f2fe16b5df325c8096b6f2f501e171497208cca886
                                          • Opcode Fuzzy Hash: 06a80ac53363f504e8d291dc153b6a47b21947aca11156197ff4547b1ef6832f
                                          • Instruction Fuzzy Hash: 8F81E322204A80C1EE54CB55DD587AE67A1FB89F82F848023DF8E437E5DF38C699C748
                                          Function 00000259C2AA662B Relevance: 1.5, Strings: 1, Instructions: 206COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: ":
                                          • API String ID: 0-3662656813
                                          • Opcode ID: 896a4f67027aaf01e5dfe48ac692d3832c0c554c68eb6b2fca54ea41666aa8bb
                                          • Instruction ID: d07b6fd4861ddb3b75f948ff89d1776057ad5d3ab8619cfabcc5130b59cd0fb1
                                          • Opcode Fuzzy Hash: 896a4f67027aaf01e5dfe48ac692d3832c0c554c68eb6b2fca54ea41666aa8bb
                                          • Instruction Fuzzy Hash: 1091F176204A85C1DF209F2AD49879E63A1F789FCAF449002CB9E47BA4CF39C598CB04
                                          Function 00000259C2A622D0 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                          Download Yara Rule
                                          Strings
                                          • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 00000259C2A62359
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                                          • API String ID: 0-1713319389
                                          • Opcode ID: 0e1e18df8e43834f8c2d261b7060e305521bf1430a60c216941d6cdd0af00934
                                          • Instruction ID: e8808eed582286f274fd3eca36049a2cf8d73dd7daebe4c5c743f169c160beb5
                                          • Opcode Fuzzy Hash: 0e1e18df8e43834f8c2d261b7060e305521bf1430a60c216941d6cdd0af00934
                                          • Instruction Fuzzy Hash: 3341D263619AE08ADB02CB39841537D7FB1E36AF89F1C8162DBD487B46DA3DC246D710
                                          Function 00000259C2A5CF60 Relevance: .7, Instructions: 715COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b5dfab60cd898a47b142bfcdc239227ece7719f4ad1c1a5427b439e5710bfaff
                                          • Instruction ID: 522ff8c808052cf5d181231d9a69d21c84d3d34ce9883cb41d1548905ef271b0
                                          • Opcode Fuzzy Hash: b5dfab60cd898a47b142bfcdc239227ece7719f4ad1c1a5427b439e5710bfaff
                                          • Instruction Fuzzy Hash: 63723A72614FC4C9EB20CB69E84439E73A5F78DB99F504216EADC57B99EB78C280C704
                                          Function 00000259C2A4F1C0 Relevance: .3, Instructions: 344COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6c220a6810ee678c063d72965325b525ecaaf8d2400666b94ac433f277fe0e33
                                          • Instruction ID: ea954b81a1b885d40a88163ef488ddcd9102f095770e03b40b26bfda71b7410e
                                          • Opcode Fuzzy Hash: 6c220a6810ee678c063d72965325b525ecaaf8d2400666b94ac433f277fe0e33
                                          • Instruction Fuzzy Hash: CFF16D72A04F84CAEB218B69E84535DB7A5F78CBA9F105315EEDC57B98EB38C190C704
                                          Function 00000259C2A4F8B0 Relevance: .3, Instructions: 336COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dff676497c9fb129e8543d1e2cfdd6b70021982477bb203991b294b01c83d258
                                          • Instruction ID: 55f5fbff8fafff361e4302b69a3fef3ec3350bceefd20f67cac988257b1db714
                                          • Opcode Fuzzy Hash: dff676497c9fb129e8543d1e2cfdd6b70021982477bb203991b294b01c83d258
                                          • Instruction Fuzzy Hash: A8F15D32604F84CAEB218B69E84535D77A5F78CBA9F105316EEDC57B99EB38C190CB04
                                          Function 00000259C2A98B30 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 194windowCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 700 259c2a98b30-259c2a98b6b call 259c2a988b0 703 259c2a98bac 700->703 704 259c2a98b6d-259c2a98b7c EnterCriticalSection 700->704 707 259c2a98bb1-259c2a98bcf call 259c2accb70 703->707 705 259c2a98b7e-259c2a98ba0 GdiplusStartup 704->705 706 259c2a98bd0-259c2a98bea LeaveCriticalSection GdipGetImageEncodersSize 704->706 705->706 709 259c2a98ba2-259c2a98ba6 LeaveCriticalSection 705->709 706->703 708 259c2a98bec-259c2a98bff 706->708 711 259c2a98c01-259c2a98c0a call 259c2a98640 708->711 712 259c2a98c3b-259c2a98c49 call 259c2ab66e4 708->712 709->703 718 259c2a98c38 711->718 719 259c2a98c0c-259c2a98c16 711->719 720 259c2a98c4b-259c2a98c4e 712->720 721 259c2a98c50-259c2a98c5a 712->721 718->712 723 259c2a98c22-259c2a98c36 call 259c2acd830 719->723 724 259c2a98c18 719->724 722 259c2a98c5e 720->722 721->722 725 259c2a98c61-259c2a98c64 722->725 723->725 724->723 727 259c2a98c66-259c2a98c6b 725->727 728 259c2a98c70-259c2a98c7e GdipGetImageEncoders 725->728 730 259c2a98dde-259c2a98de1 727->730 731 259c2a98c84-259c2a98c8d 728->731 732 259c2a98dc9-259c2a98dce 728->732 735 259c2a98e04-259c2a98e06 730->735 736 259c2a98de3-259c2a98de7 730->736 733 259c2a98cbf 731->733 734 259c2a98c8f-259c2a98c9d 731->734 732->730 739 259c2a98cc6-259c2a98cd6 733->739 737 259c2a98ca0-259c2a98cab 734->737 735->707 738 259c2a98df0-259c2a98e02 call 259c2aaefd8 736->738 740 259c2a98cb8-259c2a98cbd 737->740 741 259c2a98cad-259c2a98cb2 737->741 738->735 743 259c2a98cd8-259c2a98ce9 739->743 744 259c2a98cef-259c2a98d0b 739->744 740->733 740->737 741->740 745 259c2a98d6d-259c2a98d71 741->745 743->732 743->744 747 259c2a98d78-259c2a98db7 GdipCreateBitmapFromHBITMAP GdipSaveImageToStream 744->747 748 259c2a98d0d-259c2a98d66 GdipCreateBitmapFromScan0 GdipSaveImageToStream 744->748 745->739 749 259c2a98db9 747->749 750 259c2a98dd0-259c2a98ddd GdipDisposeImage 747->750 751 259c2a98d76 748->751 752 259c2a98d68-259c2a98d6b 748->752 753 259c2a98dbc-259c2a98dc3 GdipDisposeImage 749->753 750->730 751->750 752->753 753->732
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream
                                          • String ID: &
                                          • API String ID: 1703174404-3042966939
                                          • Opcode ID: e0228fc8eea7d5b1ef60bb9784c8d30ef67e4de2cf218bbc2f582390e882f76a
                                          • Instruction ID: 99fd5c6b45710e28f48f7331ac994afdce08efb75b08725e6e738028c9dff8ce
                                          • Opcode Fuzzy Hash: e0228fc8eea7d5b1ef60bb9784c8d30ef67e4de2cf218bbc2f582390e882f76a
                                          • Instruction Fuzzy Hash: E8915A32205F40DAEF249F22DC0879837A4F75DF9BF558216AA8947BD4DB38C995C348
                                          Function 00000259C2A99BE0 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 250networkCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1402 259c2a99be0-259c2a99c37 call 259c2a9f890 1405 259c2a99c39-259c2a99c41 1402->1405 1406 259c2a99c7d-259c2a99d61 call 259c2a724f0 call 259c2a65330 call 259c2a5eda0 call 259c2a65330 call 259c2a5eda0 call 259c2a60fb0 WSAStartup 1402->1406 1408 259c2a99c45-259c2a99c4d 1405->1408 1419 259c2a99e28 1406->1419 1438 259c2a99d67-259c2a99d8b socket 1406->1438 1410 259c2a99c52-259c2a99c62 1408->1410 1411 259c2a99c4f 1408->1411 1412 259c2a99c74-259c2a99c7b 1410->1412 1413 259c2a99c64-259c2a99c6e call 259c2adfd00 1410->1413 1411->1410 1412->1406 1412->1408 1413->1412 1413->1419 1422 259c2a99e2a-259c2a99e32 1419->1422 1424 259c2a99e34-259c2a99e45 1422->1424 1425 259c2a99e65-259c2a99ea9 call 259c2accb70 1422->1425 1428 259c2a99e47-259c2a99e5a 1424->1428 1429 259c2a99e60 call 259c2accb90 1424->1429 1428->1429 1430 259c2a99fcf-259c2a99fd4 call 259c2aafc0c 1428->1430 1429->1425 1439 259c2a99fd5-259c2a99fda call 259c2aafc0c 1430->1439 1440 259c2a99e22 WSACleanup 1438->1440 1441 259c2a99d91-259c2a99dbe htons 1438->1441 1440->1419 1443 259c2a99dc4-259c2a99dd4 call 259c2aa7890 1441->1443 1444 259c2a99ecd-259c2a99efe call 259c2a98e10 call 259c2a5fb70 1441->1444 1450 259c2a99dd6 1443->1450 1451 259c2a99dd9-259c2a99e06 inet_pton connect 1443->1451 1456 259c2a99f36-259c2a99f53 call 259c2a98e10 1444->1456 1457 259c2a99f00-259c2a99f16 1444->1457 1450->1451 1453 259c2a99eaa-259c2a99eb4 1451->1453 1454 259c2a99e0c-259c2a99e13 1451->1454 1453->1444 1458 259c2a99eb6-259c2a99ebf 1453->1458 1454->1443 1459 259c2a99e15-259c2a99e1c closesocket 1454->1459 1466 259c2a99f58-259c2a99f7c call 259c2a5fb70 1456->1466 1460 259c2a99f31 call 259c2accb90 1457->1460 1461 259c2a99f18-259c2a99f2b 1457->1461 1463 259c2a99ec1 1458->1463 1464 259c2a99ec4-259c2a99ecc call 259c2a615c0 1458->1464 1459->1440 1460->1456 1461->1439 1461->1460 1463->1464 1464->1444 1471 259c2a99fb8-259c2a99fc4 1466->1471 1472 259c2a99f7e-259c2a99f94 1466->1472 1471->1422 1473 259c2a99f96-259c2a99fa9 1472->1473 1474 259c2a99fab-259c2a99fb0 call 259c2accb90 1472->1474 1473->1474 1475 259c2a99fc9-259c2a99fce call 259c2aafc0c 1473->1475 1474->1471 1475->1430
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
                                          • String ID: geo$system
                                          • API String ID: 213021568-2364779556
                                          • Opcode ID: 67ab7e2fe52b207ab43a2340c61f1b33df04f9e154bcc21d82dc9e4adf29d0cd
                                          • Instruction ID: a74b90704718e02360ec29c1b2b338141f1df8fd4afc05e0a46308a0183c1ed4
                                          • Opcode Fuzzy Hash: 67ab7e2fe52b207ab43a2340c61f1b33df04f9e154bcc21d82dc9e4adf29d0cd
                                          • Instruction Fuzzy Hash: 8EC18A62B05F41D9EF00DBA5D89839C23B6A74DB9BF414213DA9D177E9DE38C586C308
                                          Function 00000259C2AA3B30 Relevance: 13.6, APIs: 9, Instructions: 117COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1882 259c2aa3b30-259c2aa3b92 GetCurrentProcess GetProcessId RmStartSession 1883 259c2aa3c91 1882->1883 1884 259c2aa3b98-259c2aa3bbd RmRegisterResources 1882->1884 1887 259c2aa3c93-259c2aa3cb6 call 259c2accb70 1883->1887 1885 259c2aa3bc3-259c2aa3bf9 RmGetList 1884->1885 1886 259c2aa3c88-259c2aa3c8b RmEndSession 1884->1886 1889 259c2aa3cd4 1885->1889 1890 259c2aa3bff-259c2aa3c04 1885->1890 1886->1883 1893 259c2aa3cd7-259c2aa3cdf RmEndSession 1889->1893 1890->1889 1892 259c2aa3c0a-259c2aa3c30 call 259c2ab66e4 1890->1892 1892->1893 1896 259c2aa3c36-259c2aa3c58 RmGetList 1892->1896 1893->1887 1897 259c2aa3ccc-259c2aa3ccf call 259c2aaefd8 1896->1897 1898 259c2aa3c5a-259c2aa3c5d 1896->1898 1897->1889 1898->1897 1900 259c2aa3c5f-259c2aa3c68 1898->1900 1900->1886 1901 259c2aa3c6a 1900->1901 1902 259c2aa3c70-259c2aa3c7f 1901->1902 1903 259c2aa3c81-259c2aa3c86 1902->1903 1904 259c2aa3cb7-259c2aa3cca call 259c2aaefd8 RmEndSession 1902->1904 1903->1886 1903->1902 1904->1883
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Session$ListProcess$CurrentRegisterResourcesStart
                                          • String ID:
                                          • API String ID: 3299295986-0
                                          • Opcode ID: fd498ee3de36280c394abacf9467fc5b9ce5ac8d70b1b0db778499f5d870b0f3
                                          • Instruction ID: 1321074710944a344bcabdc111fa5467d920ecf3a2be1e5a75671323f0cfe7e2
                                          • Opcode Fuzzy Hash: fd498ee3de36280c394abacf9467fc5b9ce5ac8d70b1b0db778499f5d870b0f3
                                          • Instruction Fuzzy Hash: 8D513F32700A51CAFB10CFA5E85869D73A1F74CB4AF50412BEE4A57BD4DE38C98ACB44
                                          Function 00000259C2ABD5F0 Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2011 259c2abd5f0-259c2abd616 2012 259c2abd618-259c2abd62c call 259c2ab40ac call 259c2ab40cc 2011->2012 2013 259c2abd631-259c2abd635 2011->2013 2030 259c2abda22 2012->2030 2015 259c2abda0b-259c2abda17 call 259c2ab40ac call 259c2ab40cc 2013->2015 2016 259c2abd63b-259c2abd642 2013->2016 2033 259c2abda1d call 259c2aafbec 2015->2033 2016->2015 2018 259c2abd648-259c2abd676 2016->2018 2018->2015 2021 259c2abd67c-259c2abd683 2018->2021 2025 259c2abd685-259c2abd697 call 259c2ab40ac call 259c2ab40cc 2021->2025 2026 259c2abd69c-259c2abd69f 2021->2026 2025->2033 2027 259c2abd6a5-259c2abd6ab 2026->2027 2028 259c2abda07-259c2abda09 2026->2028 2027->2028 2032 259c2abd6b1-259c2abd6b4 2027->2032 2034 259c2abda25-259c2abda3c 2028->2034 2030->2034 2032->2025 2036 259c2abd6b6-259c2abd6db 2032->2036 2033->2030 2039 259c2abd6dd-259c2abd6df 2036->2039 2040 259c2abd70e-259c2abd715 2036->2040 2042 259c2abd706-259c2abd70c 2039->2042 2043 259c2abd6e1-259c2abd6e8 2039->2043 2044 259c2abd717-259c2abd73f call 259c2abdedc call 259c2abb550 * 2 2040->2044 2045 259c2abd6ea-259c2abd701 call 259c2ab40ac call 259c2ab40cc call 259c2aafbec 2040->2045 2047 259c2abd78c-259c2abd7a3 2042->2047 2043->2042 2043->2045 2072 259c2abd741-259c2abd757 call 259c2ab40cc call 259c2ab40ac 2044->2072 2073 259c2abd75c-259c2abd787 call 259c2abdcb0 2044->2073 2076 259c2abd894 2045->2076 2051 259c2abd7a5-259c2abd7ad 2047->2051 2052 259c2abd81e-259c2abd828 call 259c2ac7c7c 2047->2052 2051->2052 2056 259c2abd7af-259c2abd7b1 2051->2056 2064 259c2abd8b2 2052->2064 2065 259c2abd82e-259c2abd843 2052->2065 2056->2052 2057 259c2abd7b3-259c2abd7c9 2056->2057 2057->2052 2061 259c2abd7cb-259c2abd7d7 2057->2061 2061->2052 2066 259c2abd7d9-259c2abd7db 2061->2066 2068 259c2abd8b7-259c2abd8d7 ReadFile 2064->2068 2065->2064 2070 259c2abd845-259c2abd857 GetConsoleMode 2065->2070 2066->2052 2071 259c2abd7dd-259c2abd7f5 2066->2071 2074 259c2abd9d1-259c2abd9da call 259c2af2160 2068->2074 2075 259c2abd8dd-259c2abd8e5 2068->2075 2070->2064 2077 259c2abd859-259c2abd861 2070->2077 2071->2052 2079 259c2abd7f7-259c2abd803 2071->2079 2072->2076 2073->2047 2092 259c2abd9f7-259c2abd9fa 2074->2092 2093 259c2abd9dc-259c2abd9f2 call 259c2ab40cc call 259c2ab40ac 2074->2093 2075->2074 2083 259c2abd8eb 2075->2083 2080 259c2abd897-259c2abd8a1 call 259c2abb550 2076->2080 2077->2068 2084 259c2abd863-259c2abd885 call 259c2af23b8 2077->2084 2079->2052 2086 259c2abd805-259c2abd807 2079->2086 2080->2034 2090 259c2abd8f2-259c2abd907 2083->2090 2099 259c2abd8a6-259c2abd8b0 2084->2099 2100 259c2abd887 call 259c2af2160 2084->2100 2086->2052 2094 259c2abd809-259c2abd819 2086->2094 2090->2080 2097 259c2abd909-259c2abd914 2090->2097 2103 259c2abd88d-259c2abd88f call 259c2ab4040 2092->2103 2104 259c2abda00-259c2abda02 2092->2104 2093->2076 2094->2052 2105 259c2abd916-259c2abd92f call 259c2abd208 2097->2105 2106 259c2abd93b-259c2abd943 2097->2106 2099->2090 2100->2103 2103->2076 2104->2080 2114 259c2abd934-259c2abd936 2105->2114 2110 259c2abd945-259c2abd957 2106->2110 2111 259c2abd9bf-259c2abd9cc call 259c2abd048 2106->2111 2115 259c2abd9b2-259c2abd9ba 2110->2115 2116 259c2abd959 2110->2116 2111->2114 2114->2080 2115->2080 2119 259c2abd95e-259c2abd965 2116->2119 2121 259c2abd967-259c2abd96b 2119->2121 2122 259c2abd9a1-259c2abd9ac 2119->2122 2123 259c2abd987 2121->2123 2124 259c2abd96d-259c2abd974 2121->2124 2122->2115 2126 259c2abd98d-259c2abd99d 2123->2126 2124->2123 2125 259c2abd976-259c2abd97a 2124->2125 2125->2123 2127 259c2abd97c-259c2abd985 2125->2127 2126->2119 2128 259c2abd99f 2126->2128 2127->2126 2128->2115
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: _invalid_parameter_noinfo
                                          • String ID:
                                          • API String ID: 3215553584-0
                                          • Opcode ID: 47550b20993fbd762e226fa4ca9e05ae32b1ced83bd225dda60327e294bd4ee8
                                          • Instruction ID: 629e0699ba635975e138f8e548d6f8a686a77d0ae70c86e4ff9360d9e8c41b4b
                                          • Opcode Fuzzy Hash: 47550b20993fbd762e226fa4ca9e05ae32b1ced83bd225dda60327e294bd4ee8
                                          • Instruction Fuzzy Hash: 6BC1EC3A208F85C5EF618B5598483AE3BA0E389F83F594157DACA077D1DB79C8C9C308
                                          Function 00000259C2A98990 Relevance: 9.0, APIs: 6, Instructions: 41COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
                                          • String ID:
                                          • API String ID: 4268643673-0
                                          • Opcode ID: 83031f1c3d95a3b59bc2a22e43b72ccd41805d9851eefa9cc92077698de98015
                                          • Instruction ID: 46ecccc5c9eebbdc2006d3cd288486d1a8c9d6a557967f13101ceb00b8d4873d
                                          • Opcode Fuzzy Hash: 83031f1c3d95a3b59bc2a22e43b72ccd41805d9851eefa9cc92077698de98015
                                          • Instruction Fuzzy Hash: 0F11E632111F50C5EF149F25E858159B3A4FB48FA6B684216DAA906BE4DF38C997C348
                                          Function 00000259C2AA0420 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Value
                                          • String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                          • API String ID: 3702945584-1787575317
                                          • Opcode ID: 4b31b020cac4b58e91cc22bf7df28ffde147e0876d00deb1f16a5955c36cd2ac
                                          • Instruction ID: b7a337e52ea27da95ebfd73ec24bd9346f3e4442121ff14d3b82f1bfbfe47ae1
                                          • Opcode Fuzzy Hash: 4b31b020cac4b58e91cc22bf7df28ffde147e0876d00deb1f16a5955c36cd2ac
                                          • Instruction Fuzzy Hash: 0C115132618B80C2DB21CF21F84539AB3A4F79DB95F514216EAD807B99DFBCC195CB44
                                          Function 00000259C2A9ED77 Relevance: 4.7, APIs: 3, Instructions: 182networkCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Cleanupclosesocketrecv
                                          • String ID:
                                          • API String ID: 3447645871-0
                                          • Opcode ID: cededbd8a01b1ec152068a66c0021e75133b9fca01e86202f2537a2f13f52944
                                          • Instruction ID: f7060afa996d243737d6df8a67ff7f2a515d54521532150061d5e4dd33dabca9
                                          • Opcode Fuzzy Hash: cededbd8a01b1ec152068a66c0021e75133b9fca01e86202f2537a2f13f52944
                                          • Instruction Fuzzy Hash: AF915062A18FC0C1EE209B15E85839E6761E79DBA2F104313EAED47BDADF79C4C18744
                                          Function 00000259C2AA1111 Relevance: 4.7, APIs: 3, Instructions: 163registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CloseEnumOpen
                                          • String ID:
                                          • API String ID: 1332880857-0
                                          • Opcode ID: 46a2b425fe9aeba63369c68ca3981fb753a76c630a185bcaa84e67fe462df2c1
                                          • Instruction ID: e7d142a2670df4c8288ecaad9bfa4e28a67f819c5af02b9a43b50795ca2e728e
                                          • Opcode Fuzzy Hash: 46a2b425fe9aeba63369c68ca3981fb753a76c630a185bcaa84e67fe462df2c1
                                          • Instruction Fuzzy Hash: C9717072A04F80C5EF10CB69E84839D6761F789BAAF100216EBE957BD9DB79C1C5CB04
                                          Function 00000259C2AA10A0 Relevance: 4.6, APIs: 3, Instructions: 96registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: EnumOpen
                                          • String ID:
                                          • API String ID: 3231578192-0
                                          • Opcode ID: a8920e58832bf877e089fa0af907033f7a3b2d639e35d700202a240f283f6ca3
                                          • Instruction ID: 20f34495e384d3386e97da3040c22ff2a1305d238969dd9fc26b4b2765040724
                                          • Opcode Fuzzy Hash: a8920e58832bf877e089fa0af907033f7a3b2d639e35d700202a240f283f6ca3
                                          • Instruction Fuzzy Hash: CF317F32700B84D5EB20CFA5EC5879E7364FB48B9AF200216EE9917B98DB78C596C704
                                          Function 00000259C2AA0DDB Relevance: 4.6, APIs: 3, Instructions: 68registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CloseOpenQueryValue
                                          • String ID:
                                          • API String ID: 3677997916-0
                                          • Opcode ID: 0e9a2bb39f3aee4e9858c282cea2b023be1d8108f9c73034c28012e758624651
                                          • Instruction ID: 12d1a1e06a0c52214177a8703262fd2f83253aaf86da279dfa51b7425a50b67d
                                          • Opcode Fuzzy Hash: 0e9a2bb39f3aee4e9858c282cea2b023be1d8108f9c73034c28012e758624651
                                          • Instruction Fuzzy Hash: 4B218262624F80C1EE608B25E89435AA761EBDDBD6F505213EACD42BD9DF3CC1C4DB04
                                          Function 00000259C2A9F890 Relevance: 4.6, APIs: 3, Instructions: 50COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Info$User
                                          • String ID:
                                          • API String ID: 2017065092-0
                                          • Opcode ID: d34c2ece54cb3812040e4eef0477fed434900964bc97860851aa3e607d5351a2
                                          • Instruction ID: d433e21b5bd0b667c0ae34f67d26e509a3d121e3d024ae11086174d2145f86ce
                                          • Opcode Fuzzy Hash: d34c2ece54cb3812040e4eef0477fed434900964bc97860851aa3e607d5351a2
                                          • Instruction Fuzzy Hash: CE119D32618B80C2EB109F61F81471EB7A1F789F8AF045225EB8503B99DF7CD5908B88
                                          Function 00000259C2A99760 Relevance: 4.5, APIs: 3, Instructions: 49COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ProcessToken$CurrentInformationOpen
                                          • String ID:
                                          • API String ID: 2743777493-0
                                          • Opcode ID: 5cf106d3b2ffd2a7e9a61a7f883b18dc6c947c023f1ec599732081f4b0d6fdce
                                          • Instruction ID: 95ac80760901068d294fccdd93cbc32def0d9937cbf5a2eeb8b9867198c12944
                                          • Opcode Fuzzy Hash: 5cf106d3b2ffd2a7e9a61a7f883b18dc6c947c023f1ec599732081f4b0d6fdce
                                          • Instruction Fuzzy Hash: A1110D32218F40D2EB509F16F84434AB2A5F788B82F545126EBC957B68CF3DC445CB48
                                          Function 00000259C2A5F350 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 153COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task
                                          • String ID:
                                          • API String ID: 118556049-3916222277
                                          • Opcode ID: ecea8943f82965ce62faed458054ccd8cfb24b04489c1c816735c8e5d90b1431
                                          • Instruction ID: a596bf667ccca07babb1a0eca77ea66e50ee5d0aac4ab04d896990be4ebc3bcd
                                          • Opcode Fuzzy Hash: ecea8943f82965ce62faed458054ccd8cfb24b04489c1c816735c8e5d90b1431
                                          • Instruction Fuzzy Hash: F4512572204F44D6EE258F2AD95836933A0F34DF96F944622DB9E83BE5CB79D0A1C304
                                          Function 00000259C2AA0C30 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CurrentProfile
                                          • String ID: Unknown
                                          • API String ID: 2104809126-1654365787
                                          • Opcode ID: 327d7d51cf89ce8cae5e34d504ec04f85fc3bceab43135c4ad84e114b6f625fa
                                          • Instruction ID: 7b1a8293ff65b0ad47df6b08e476dd555c9859543cb2aaa31c5b835d01684eb5
                                          • Opcode Fuzzy Hash: 327d7d51cf89ce8cae5e34d504ec04f85fc3bceab43135c4ad84e114b6f625fa
                                          • Instruction Fuzzy Hash: 9431D023628FC0C6EB11CF25E95439AA360F799B45F545216EBC902B8ADF7CC6D5CB04
                                          Function 00000259C2A651E0 Relevance: 3.2, APIs: 2, Instructions: 192COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task
                                          • String ID:
                                          • API String ID: 118556049-0
                                          • Opcode ID: 047492ee40e0bcaf5b16723200e7cf24537bdb93927abe219c582ebd26aa8ba3
                                          • Instruction ID: 31f6ff9a6bf048f46f5652125d60dd8c30fa4ee6f6bca933df1d26eefaa2b13d
                                          • Opcode Fuzzy Hash: 047492ee40e0bcaf5b16723200e7cf24537bdb93927abe219c582ebd26aa8ba3
                                          • Instruction Fuzzy Hash: 9951B262305F44C5EE249B66A90839DA365A70CFE7F5806339EED0BBD6DB78C4C18308
                                          Function 00000259C2A98E10 Relevance: 3.1, APIs: 2, Instructions: 87COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FolderFreeKnownPathTask
                                          • String ID:
                                          • API String ID: 969438705-0
                                          • Opcode ID: 2e1fffe90520dd557920388e28507833548f1b316689cdecaf84a1eb2a2be702
                                          • Instruction ID: 56cdfeb75212fee36703d5e9ea012d31000c08255b8bea6d56acdfe69af6ca27
                                          • Opcode Fuzzy Hash: 2e1fffe90520dd557920388e28507833548f1b316689cdecaf84a1eb2a2be702
                                          • Instruction Fuzzy Hash: F8316072A14B80C5EA20DF69E88435AB761F79DBA5F105316EAEC03BD5DB7CC1C18B44
                                          Function 00000259C2AAE614 Relevance: 3.1, APIs: 2, Instructions: 77COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: _invalid_parameter_noinfo
                                          • String ID:
                                          • API String ID: 3215553584-0
                                          • Opcode ID: cb30a7c2c620b97f400ef9b33bc0fdb0214d80daa24a11497eeb67f4fc095207
                                          • Instruction ID: 13cb941f49411208516cfe0bbbc8663974180919f1823783930c6d8ee1320565
                                          • Opcode Fuzzy Hash: cb30a7c2c620b97f400ef9b33bc0fdb0214d80daa24a11497eeb67f4fc095207
                                          • Instruction Fuzzy Hash: FD31B132610E44C1EE54DB54EE593A93361EB9DF83F940933E689473D2EB78C280CB18
                                          Function 00000259C2A97390 Relevance: 3.1, APIs: 2, Instructions: 69registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CloseOpen
                                          • String ID:
                                          • API String ID: 47109696-0
                                          • Opcode ID: f079ec761da95b766b8b6afbeec7fda29d97571b2deafd3f5d4343d11bd09f0c
                                          • Instruction ID: 1650fe8f1bca5c5214a868ad697031fab9d28d5e4bf34933e2bd9c6d72d68541
                                          • Opcode Fuzzy Hash: f079ec761da95b766b8b6afbeec7fda29d97571b2deafd3f5d4343d11bd09f0c
                                          • Instruction Fuzzy Hash: 4A21F661714E40C5EE50AB22FC4439AA760EB9DFD6F080122EE8D43BDADE38C4C1C704
                                          Function 00000259C2A9664C Relevance: 3.1, APIs: 2, Instructions: 58synchronizationCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CloseCreateCredEnumerateFirstHandleMutexProcess32ReleaseSnapshotToolhelp32recv
                                          • String ID:
                                          • API String ID: 420082584-0
                                          • Opcode ID: 6cbb35264d3af9d3b1548d5a1ccd0fc23f5837e511aba725e3f5ecd0c3bcc6bd
                                          • Instruction ID: df388ca5bc1f4b4e0682ab03beeb3ab53de7fe43e51ecb4d47bdb182cea00411
                                          • Opcode Fuzzy Hash: 6cbb35264d3af9d3b1548d5a1ccd0fc23f5837e511aba725e3f5ecd0c3bcc6bd
                                          • Instruction Fuzzy Hash: C1218161608E80C1FE61B7BAAC5E3AE1241AF4DF93F541623E6D5017E79E38C0C4862D
                                          Function 00000259C2A9667D Relevance: 3.0, APIs: 2, Instructions: 47synchronizationCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CloseHandleMutexReleaserecv
                                          • String ID:
                                          • API String ID: 2659716615-0
                                          • Opcode ID: eca0cdce0ddfb544edceff3c729bb4a71f08e5ff18005c1b5199ae0a99c22d4d
                                          • Instruction ID: 4f9032484f2906ab3cf503696687cfba18703e8d56b55cb14712d35c3a0f3e70
                                          • Opcode Fuzzy Hash: eca0cdce0ddfb544edceff3c729bb4a71f08e5ff18005c1b5199ae0a99c22d4d
                                          • Instruction Fuzzy Hash: 7111A361608E80C1FE607B79AC4E39E1341AF4DF93F444613EAD9017E79E38C0C5861D
                                          Function 00000259C2ABDB60 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ErrorFileLastPointer
                                          • String ID:
                                          • API String ID: 2976181284-0
                                          • Opcode ID: 7e9ab1c6d8c64915d6648e9c143c2363700413bfa3c055332623f50353a46816
                                          • Instruction ID: 28a1eda3c0c7362b90862c4a61d43800a6ceb8529de9f6e184c01a32b455a413
                                          • Opcode Fuzzy Hash: 7e9ab1c6d8c64915d6648e9c143c2363700413bfa3c055332623f50353a46816
                                          • Instruction Fuzzy Hash: 44118F76214F80C1DE109B25A8482596761A789FF6F544312EBB94B7D9CE78C095C704
                                          Function 00000259C2A558F3 Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Find$CloseFileNext
                                          • String ID:
                                          • API String ID: 2066263336-0
                                          • Opcode ID: c09ff1b7f36846cd2f70e20038cef65db65028f9499b4e4cc306786389cb5efe
                                          • Instruction ID: 2d759bf11a18390e9384615af0f7e7b5c97d757ecec93c9ba5e166e83663e1d9
                                          • Opcode Fuzzy Hash: c09ff1b7f36846cd2f70e20038cef65db65028f9499b4e4cc306786389cb5efe
                                          • Instruction Fuzzy Hash: FB01EC36218E80C5EA60DB56F85839A6364F78DB96F804023DE8D43B59DE38C8868B04
                                          Function 00000259C2ACCB98 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                          • String ID:
                                          • API String ID: 1173176844-0
                                          • Opcode ID: 267b89f17236609d1417f10d46edbd95984192d968a560c5371d581f7ac22313
                                          • Instruction ID: fc6d756b0df5cb4fbddbd97e52203ca2b076dc1b77a39728254884cfe676ecd9
                                          • Opcode Fuzzy Hash: 267b89f17236609d1417f10d46edbd95984192d968a560c5371d581f7ac22313
                                          • Instruction Fuzzy Hash: F3E0E231612E09E1FD2C66BA1C1E2A402494B1DF73E281B23AAF6093C3A936C4D18258
                                          Function 00000259C2ABB550 Relevance: 2.5, APIs: 2, Instructions: 18memoryCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 485612231-0
                                          • Opcode ID: 47cbcda289b4926f8a5fa232dbc04e0ffd722977d505590b0caac84d58b1b127
                                          • Instruction ID: 5edfc7f2aa87502aa07b6f8690b435d00093579acf43e8aafe7a2df9838ef1d1
                                          • Opcode Fuzzy Hash: 47cbcda289b4926f8a5fa232dbc04e0ffd722977d505590b0caac84d58b1b127
                                          • Instruction Fuzzy Hash: 73E0E271B11E49C2FE1867F29CAD62906956B9DF43F0449229A96867D2EA38C8C9820D
                                          Function 00000259C2AAD450 Relevance: 1.7, APIs: 1, Instructions: 189COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task
                                          • String ID:
                                          • API String ID: 118556049-0
                                          • Opcode ID: ad2cb0bc93a9f2c573dc059c32f6bb17e3aa8d1924772eb3367983a946f19d44
                                          • Instruction ID: 8e76097b75e673906895c8fe0be2c4bc484109b7ae3ac4a192ba4aeed11811ab
                                          • Opcode Fuzzy Hash: ad2cb0bc93a9f2c573dc059c32f6bb17e3aa8d1924772eb3367983a946f19d44
                                          • Instruction Fuzzy Hash: 8F61AB6A300E80C5EF15DF1AD95836D23A1AB08F9AF548512DEED0B7D5DB39CAC6C708
                                          Function 00000259C2A4E150 Relevance: 1.7, APIs: 1, Instructions: 175COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: __std_fs_directory_iterator_open
                                          • String ID:
                                          • API String ID: 4007087469-0
                                          • Opcode ID: f97e729366d47bfa4c7aafed75f1aa1c45cd1a185c9e6d560cf73fb06629d366
                                          • Instruction ID: 1e2d6de669929b2304583abdbf77b63da02fa6d2d04da025cec947f4a9bbdc63
                                          • Opcode Fuzzy Hash: f97e729366d47bfa4c7aafed75f1aa1c45cd1a185c9e6d560cf73fb06629d366
                                          • Instruction Fuzzy Hash: 2461D062B00F40D5FF10CB69D9883AC23A1E74DF9AF009613DE99577D9EA34C8C58358
                                          Function 00000259C2A65B00 Relevance: 1.6, APIs: 1, Instructions: 129COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task
                                          • String ID:
                                          • API String ID: 118556049-0
                                          • Opcode ID: 93ff4aefe56a1fbcd8fc278d924c6e22c2da32e4497507a5f2ef2736dfcda9af
                                          • Instruction ID: e9df7440d3eba065ae3e99de6dba1c8e125a65a0a8d1303af8c81627570dfcdb
                                          • Opcode Fuzzy Hash: 93ff4aefe56a1fbcd8fc278d924c6e22c2da32e4497507a5f2ef2736dfcda9af
                                          • Instruction Fuzzy Hash: 61418B62304F84D5EE109B16E84839E6366B74DFD6F580622EFED0B7C6EB39C0818308
                                          Function 00000259C2A8B010 Relevance: 1.6, APIs: 1, Instructions: 123COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task
                                          • String ID:
                                          • API String ID: 118556049-0
                                          • Opcode ID: 70463512125a8373cde5a3b87be7849059a838aa6b28dcb32a5bc345d01126ba
                                          • Instruction ID: df17ea187b65a09e1a26327583d49a6a70daf2244127330427cb5f4a5e6b376a
                                          • Opcode Fuzzy Hash: 70463512125a8373cde5a3b87be7849059a838aa6b28dcb32a5bc345d01126ba
                                          • Instruction Fuzzy Hash: E4418E72214F84C2DE24CB65E9582AAA3A1F74CFD2F544A16EBED47BC5DB38C084C304
                                          Function 00000259C2A69ED0 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task
                                          • String ID:
                                          • API String ID: 118556049-0
                                          • Opcode ID: f861d8dc2613c7c80dd27573cd720c77548c38ce1937873e8d76364d9b51d931
                                          • Instruction ID: 238b8f555db7165dab5a845253c900e9dc9e598326b3df8919dcfbc81b60d26b
                                          • Opcode Fuzzy Hash: f861d8dc2613c7c80dd27573cd720c77548c38ce1937873e8d76364d9b51d931
                                          • Instruction Fuzzy Hash: 1931BF62301E85C5ED14DB66A8086AAA254B34CFE6F944A26AFAD077D6CB3DC1818308
                                          Function 00000259C2A65CB0 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task
                                          • String ID:
                                          • API String ID: 118556049-0
                                          • Opcode ID: 51a6ed7fb7b4fe90d851e2ce25433792cdcab9d14c71ee120367246829675a15
                                          • Instruction ID: e77dd31f1c531e2efc64d06815d342062cb9771123424a6892887edfa06c1911
                                          • Opcode Fuzzy Hash: 51a6ed7fb7b4fe90d851e2ce25433792cdcab9d14c71ee120367246829675a15
                                          • Instruction Fuzzy Hash: 41418E62301F44D5EE24EB56AD0C39AA361A70CFD6F584623DEED0B7D6DB38C1818748
                                          Function 00000259C2A615C0 Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task
                                          • String ID:
                                          • API String ID: 118556049-0
                                          • Opcode ID: e2ba41051abda489aea9c977d78c40073930bd061eee85ef7ac46d88b0847fa1
                                          • Instruction ID: f5a0bfc65985b00949edda6f6194fd79f0afcb73bf4a5791d51765ac728a95c1
                                          • Opcode Fuzzy Hash: e2ba41051abda489aea9c977d78c40073930bd061eee85ef7ac46d88b0847fa1
                                          • Instruction Fuzzy Hash: 2031D266701F44C4FE159B59A9083A91A95970CFEBF5806239EAD07BC6EB39C4C18348
                                          Function 00000259C2ABBA50 Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: _invalid_parameter_noinfo
                                          • String ID:
                                          • API String ID: 3215553584-0
                                          • Opcode ID: 62a68b64f697a3323ce5c67975f603dd912b7630c4b3619a8df593f8b8e10b11
                                          • Instruction ID: 379a7a537d9c1c56790409b53454a5796421725d56ef706a654c532692375f24
                                          • Opcode Fuzzy Hash: 62a68b64f697a3323ce5c67975f603dd912b7630c4b3619a8df593f8b8e10b11
                                          • Instruction Fuzzy Hash: 8E410232615A04C7EE348B19ED5876973A0E75AF83F141506EBD6837E6CB78C882C758
                                          Function 00000259C2AA0250 Relevance: 1.6, APIs: 1, Instructions: 107COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: InformationVolume
                                          • String ID:
                                          • API String ID: 2039140958-0
                                          • Opcode ID: bab2c3626ac6b4d65a00a26ee52bdc39fa55a87b0d5a689555181bbd374438f5
                                          • Instruction ID: 86e4ba0dbb62be44816fe120933f6905050ec5e2f99df68e63351619f6303b8d
                                          • Opcode Fuzzy Hash: bab2c3626ac6b4d65a00a26ee52bdc39fa55a87b0d5a689555181bbd374438f5
                                          • Instruction Fuzzy Hash: 0D516C32A14F80CAEB10CB69E84439D73A4F799B89F505212EBDC53B99DF78C685CB44
                                          Function 00000259C2A5FE50 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                          Download Yara Rule
                                          APIs
                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00000259C2A5FF58
                                            • Part of subcall function 00000259C2A4B7B0: __std_exception_copy.LIBVCRUNTIME ref: 00000259C2A4B7F8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task__std_exception_copy
                                          • String ID:
                                          • API String ID: 317858897-0
                                          • Opcode ID: fa5db2aca4c7c8d6f58f58726680fb60434e957890374861043c0cd68a3ad1fe
                                          • Instruction ID: 2b7ed87fab54367f21649438c5d9d1b9099e7758c87515bee202b88b23e4c93f
                                          • Opcode Fuzzy Hash: fa5db2aca4c7c8d6f58f58726680fb60434e957890374861043c0cd68a3ad1fe
                                          • Instruction Fuzzy Hash: EF21F922A01F40C1EE18DB55A90436A6390A75DFA6F2447339EBC87BD2EA79C4D28344
                                          Function 00000259C2ABD4D0 Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: _invalid_parameter_noinfo
                                          • String ID:
                                          • API String ID: 3215553584-0
                                          • Opcode ID: 90e282629e3327800b1a09ea2473f0e2941ce1167cc6a0942764be9094e0e12c
                                          • Instruction ID: c0e9ff882447a2efda70546d4611a2b109a4e4e00182ed836db8f67197e11d2e
                                          • Opcode Fuzzy Hash: 90e282629e3327800b1a09ea2473f0e2941ce1167cc6a0942764be9094e0e12c
                                          • Instruction Fuzzy Hash: 6B31BF76214E50C6FF116B65CC5935C2660A78CFABF410257EAA9473D2DBB8C4C1C729
                                          Function 00000259C2ADE208 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: _invalid_parameter_noinfo
                                          • String ID:
                                          • API String ID: 3215553584-0
                                          • Opcode ID: c41a516aab5bbd5a0cb5ee3d8915c07e5e449c965519035ee3790c186b832703
                                          • Instruction ID: 5d01594d7e8efc49ab866cba70d36ae3ec4c5eaf579672adef68c85c6af34a18
                                          • Opcode Fuzzy Hash: c41a516aab5bbd5a0cb5ee3d8915c07e5e449c965519035ee3790c186b832703
                                          • Instruction Fuzzy Hash: C6218132214F40C7EF618F18D944369B6A1E798F56F544226EBE9877D9DB39C8808B04
                                          Function 00000259C2ADC510 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: _invalid_parameter_noinfo
                                          • String ID:
                                          • API String ID: 3215553584-0
                                          • Opcode ID: 6080b6f5c7735027f4532a4154f17099be5a1c2b37b88469d38b788aa2f2ab04
                                          • Instruction ID: 96cf3b62abd6a2834d7d8b159c8ed5b281f37d06ab716931cb90deb38c8154bf
                                          • Opcode Fuzzy Hash: 6080b6f5c7735027f4532a4154f17099be5a1c2b37b88469d38b788aa2f2ab04
                                          • Instruction Fuzzy Hash: 57118E72618B40D1FE619F519C183B9A261F78DF83F844512EAC847BC6CB7DC5818748
                                          Function 00000259C2A9ADC0 Relevance: 1.5, APIs: 1, Instructions: 38networkCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: send
                                          • String ID:
                                          • API String ID: 2809346765-0
                                          • Opcode ID: af342f55a76444dc29af71e8fb4152a83f454f5b800a0383b076c9e997804f61
                                          • Instruction ID: 401975b6c856bd5291446d615f13316a158ae980ac8e06424b3b8619c30ac849
                                          • Opcode Fuzzy Hash: af342f55a76444dc29af71e8fb4152a83f454f5b800a0383b076c9e997804f61
                                          • Instruction Fuzzy Hash: FB01A225718A94C2DF509F1BB984319A3A0F78CFD5F485132EE9D43B89DB38C8918B44
                                          Function 00000259C2AAED2C Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: _invalid_parameter_noinfo
                                          • String ID:
                                          • API String ID: 3215553584-0
                                          • Opcode ID: 8baf8acf487f5caa78a15ef12004ef049afcc069522c3c2ef46e844b516c0117
                                          • Instruction ID: 4c3cd1c542b96bb1350ce725e63ff3999281665d119c0f67f711c773802bc36e
                                          • Opcode Fuzzy Hash: 8baf8acf487f5caa78a15ef12004ef049afcc069522c3c2ef46e844b516c0117
                                          • Instruction Fuzzy Hash: 8CE02231229F41C5EF242BB4EA49328B160AF0CFB2F144733A7B4023CACA39C4D08A18
                                          Function 00000259C2AD97D0 Relevance: 1.5, APIs: 1, Instructions: 9fileCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FileFindNext
                                          • String ID:
                                          • API String ID: 2029273394-0
                                          • Opcode ID: 4177796e15072c585db232ab642f29accb6d05ea1f689265af403d42f2bb1474
                                          • Instruction ID: e8fa2cd4c8b5c1cb3618338e216a59ae0e61dacd32afb6c875845be075bb51f7
                                          • Opcode Fuzzy Hash: 4177796e15072c585db232ab642f29accb6d05ea1f689265af403d42f2bb1474
                                          • Instruction Fuzzy Hash: 98C04829F56E06C2FE586BA25C8A24611A0B75CB03F804422C28880790EA3CC1EB8A1D
                                          Function 00000259C2ADB3C4 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: InfoNativeSystem
                                          • String ID:
                                          • API String ID: 1721193555-0
                                          • Opcode ID: 5d96549d17151685d9874b2efd5e6665c09aeaad6767ec6861ada1b691878f94
                                          • Instruction ID: 8e954a876a194ea80c3edb16af6cc491fb8a36fa9381da8842daa82b25ce1ca4
                                          • Opcode Fuzzy Hash: 5d96549d17151685d9874b2efd5e6665c09aeaad6767ec6861ada1b691878f94
                                          • Instruction Fuzzy Hash: E2B09226A14CC0C3CA11EB04EC460097331F798B0EFD00001E28D42B64CE2CCA2A8E04
                                          Function 00000259C2ABDEDC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocHeap
                                          • String ID:
                                          • API String ID: 4292702814-0
                                          • Opcode ID: ad1b43cdb7c3550550fd4afa13c905d117ea5c1f34bfd66f5f885cc22fb7391c
                                          • Instruction ID: 97869ffca7fcd78bba1c4ee84c4e424c78d9c08d69124fbaf1c7351e39cb3ed1
                                          • Opcode Fuzzy Hash: ad1b43cdb7c3550550fd4afa13c905d117ea5c1f34bfd66f5f885cc22fb7391c
                                          • Instruction Fuzzy Hash: C1F0A029319E49C4FE181BB25C5C36522946B4CFB3F084763ADE6863C1DA3CC4C1C518

                                          Non-executed Functions

                                          Function 00000259C2AB0D98 Relevance: 49.1, APIs: 25, Strings: 2, Instructions: 1888COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: memcpy_s$_invalid_parameter_noinfo
                                          • String ID: $
                                          • API String ID: 2880407647-227171996
                                          • Opcode ID: df87294ae73204ead43c2230939cbb6a00851c436377c9d63da8146f7a05de15
                                          • Instruction ID: 36ffce4eb846ee4e615b4429f7467a8614f9c6b83ab26db513f3fbbca8c5ee76
                                          • Opcode Fuzzy Hash: df87294ae73204ead43c2230939cbb6a00851c436377c9d63da8146f7a05de15
                                          • Instruction Fuzzy Hash: 1D03A272610AC0CBEB758F29DD587EA3791F748B8AF00511BDA4697BC8D735DA80CB44
                                          Function 00000259C2AA43F0 Relevance: 34.3, APIs: 18, Strings: 1, Instructions: 1015stringmemorynativeCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: lstrcpy$lstrcat$AllocateInitLockMemoryObjectStringUnicodeVirtual$AcquireEnumerateFolderFreeInitializeKnownLoadedModulesPathReleaseTaskUninitialize
                                          • String ID: 0
                                          • API String ID: 1424456515-4108050209
                                          • Opcode ID: fd08a15f5606d8e955b5eeb1fbd96735714114fddb27a0e231a6530836212068
                                          • Instruction ID: d647f82ea5abd3ae970822dfa56731f3ab3b5dc81970321b3422e5913387fb10
                                          • Opcode Fuzzy Hash: fd08a15f5606d8e955b5eeb1fbd96735714114fddb27a0e231a6530836212068
                                          • Instruction Fuzzy Hash: AAC29436626F84CAD7908F69E88169DB3B5F788B88F106219EECD57B18EF38C154C744
                                          Function 00000259C2A26180 Relevance: 30.2, Strings: 24, Instructions: 238COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task
                                          • String ID: BOOTNXT$autorun.inf$boot.ini$boot.sdi$bootfont.bin$bootmgfw.efi$bootmgr$bootsect.bak$bootstat.dat$d3d9caps.dat$desktop.ini$gdipfontcachev1.dat$iconcache.db$indexervolumeguid$mib.bin$ntldr$ntuser.dat$ntuser.dat.log$ntuser.ini$reagent.xml$thumbs.db$winre.wim$winsipolicy.p7b$wpsettings.dat
                                          • API String ID: 118556049-850610325
                                          • Opcode ID: dea6d34053270f54165e7821960ee4cc20a6cc02140d0cf59d37aac2e2ba149c
                                          • Instruction ID: 79cb60e9842f0d2ae969fa9e8ce890958176ea5f2e625835d3721ddff35bd615
                                          • Opcode Fuzzy Hash: dea6d34053270f54165e7821960ee4cc20a6cc02140d0cf59d37aac2e2ba149c
                                          • Instruction Fuzzy Hash: BEC14052D60FC984EB21DF35DC823E95321F7EE785F606317A98866856AFB4E2C4C344
                                          Function 00000259C2A6C820 Relevance: 29.3, APIs: 2, Strings: 14, Instructions: 1339COMMON
                                          Download Yara Rule
                                          APIs
                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00000259C2A6DEA1
                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00000259C2A6DF4F
                                            • Part of subcall function 00000259C2A4B930: __std_exception_copy.LIBVCRUNTIME ref: 00000259C2A4B973
                                            • Part of subcall function 00000259C2ACF198: RtlPcToFileHeader.KERNEL32 ref: 00000259C2ACF1E8
                                            • Part of subcall function 00000259C2ACF198: RaiseException.KERNEL32 ref: 00000259C2ACF229
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task$ExceptionFileHeaderRaise__std_exception_copy
                                          • String ID: "$#base$#include$*$/$No closed word$Unexpected eof$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
                                          • API String ID: 145623376-3561477107
                                          • Opcode ID: 779049d0dfa49f441fc86eb20f891799c0f327457b323729577624a3d6bcce72
                                          • Instruction ID: ddd3015c541f8342984faa11db501bdf16c87fe2956e5369ebb249723a34d35d
                                          • Opcode Fuzzy Hash: 779049d0dfa49f441fc86eb20f891799c0f327457b323729577624a3d6bcce72
                                          • Instruction Fuzzy Hash: 94D24672201FC4D9EF619F25DC983D923A5E749B8AF448123DA8D1ABDADF74C685C308
                                          Function 00000259C2A25DB0 Relevance: 25.2, Strings: 20, Instructions: 202COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task
                                          • String ID: #recycle$$recycle.bin$$windows.~bt$$windows.~ws$$winreagent$All users$AppData$Application Data$Boot$PerfLogs$Program Files$Program Files (x86)$ProgramData$System Volume Information$Windows$Windows.old$Windows.~bt$bootmgr$config.msi$ntldr
                                          • API String ID: 118556049-2722463023
                                          • Opcode ID: b349f0743e28fad41dd0cf6d04c419ecc5bc303b8eb5692233894048f4044c83
                                          • Instruction ID: 8c56977ff0abf90e32215a774a723826493507170bc669a4bec79618d4666782
                                          • Opcode Fuzzy Hash: b349f0743e28fad41dd0cf6d04c419ecc5bc303b8eb5692233894048f4044c83
                                          • Instruction Fuzzy Hash: 16A16152E60FC984EB11DB35DC823E95321F7EE786F606317A98862956AFB4E2C4C344
                                          Function 00000259C2A6E320 Relevance: 24.1, APIs: 2, Strings: 11, Instructions: 1388COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task
                                          • String ID: #base$#include$No closed word$Unexpected eof$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
                                          • API String ID: 118556049-1838291449
                                          • Opcode ID: 518946e1d895b6e528b4344295d9f590ad1199015f90ecf2709bb257a5717606
                                          • Instruction ID: dc1a3fa2f8820721b06ce3726d4f71545f88ba68ef8e51ff96a90e3008a79d0f
                                          • Opcode Fuzzy Hash: 518946e1d895b6e528b4344295d9f590ad1199015f90ecf2709bb257a5717606
                                          • Instruction Fuzzy Hash: 78E25862211EC4C9EF608F24DD583E923A5E74DB9AF448122DA9D4BBD9DF78C6C5C308
                                          Function 00000259C2AA3CF0 Relevance: 23.1, APIs: 10, Strings: 3, Instructions: 351nativelibraryloaderCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Handle$Query$CloseInformationProcessSystem$AddressCurrentFinalModuleNameObjectOpenPathProc
                                          • String ID: File$NtDuplicateObject$ntdll.dll
                                          • API String ID: 2729825427-3955674919
                                          • Opcode ID: 19a329b1698b27f6415894aedb489b4e345f624b28bb062fda18895a27a00e6b
                                          • Instruction ID: 15d4132f6ec7009f179ad5d6c09104aeb383161f1ed9e94f90078110aedd4809
                                          • Opcode Fuzzy Hash: 19a329b1698b27f6415894aedb489b4e345f624b28bb062fda18895a27a00e6b
                                          • Instruction Fuzzy Hash: 57E1A462714E40C9FF10CB65D8183AD67A1EB49F8AF004112EE9D57BD9DF79C58AC708
                                          Function 00000259C2A8F040 Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 218COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Initialize
                                          • String ID: @
                                          • API String ID: 2538663250-2766056989
                                          • Opcode ID: 28daa065bdd922f2104b70152547a23b89895abeef6d42904c205fc10f82d609
                                          • Instruction ID: edaa34e7e9157ecb1cbf591865ce7cdec67910216870b5f571529963ff69a25b
                                          • Opcode Fuzzy Hash: 28daa065bdd922f2104b70152547a23b89895abeef6d42904c205fc10f82d609
                                          • Instruction Fuzzy Hash: C3A15B72B04A40CAEB10CB75E8187AD77B1F78CB8AF504216DE9A57B94EF38C1958348
                                          Function 00000259C2A951E0 Relevance: 21.5, APIs: 1, Strings: 11, Instructions: 465COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ExecuteShell
                                          • String ID: .cmd$.exe$.exe$.ps1$.vbs$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$open$runas
                                          • API String ID: 587946157-4093014531
                                          • Opcode ID: df2d4dabee3204ae2a58fd944dc839f708084f1b3e06dbc7e46acf9e24b3ec9d
                                          • Instruction ID: cfd39fcb01f453b29bf1a2c4ee9a01392d07bc3bb468e6dcaca4c6dd2688d103
                                          • Opcode Fuzzy Hash: df2d4dabee3204ae2a58fd944dc839f708084f1b3e06dbc7e46acf9e24b3ec9d
                                          • Instruction Fuzzy Hash: C222B072A10F80C9EF10DF29E84939D27A1F789BAAF505216EA9D07BE9DF74C184C704
                                          Function 00000259C2AA4740 Relevance: 16.6, APIs: 8, Strings: 1, Instructions: 839stringCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: lstrcatlstrcpy$Object$AcquireAllocateInitializeLockMemoryUninitializeVirtual
                                          • String ID: 0
                                          • API String ID: 3636535045-4108050209
                                          • Opcode ID: 148f1cac526a25eedb59746f716de0c0cfa115320cfb54a3382c2084b1ee678e
                                          • Instruction ID: 29b70efe6ac3cdc857b7d881c1218ee442925d0c31918b93004ac66afea8fd7b
                                          • Opcode Fuzzy Hash: 148f1cac526a25eedb59746f716de0c0cfa115320cfb54a3382c2084b1ee678e
                                          • Instruction Fuzzy Hash: A7B2963662AFC58AD7808F69E88165EB7B5F788B88F106215FECD57B18EB38C154C740
                                          Function 00000259C2A9AE50 Relevance: 13.2, APIs: 2, Strings: 4, Instructions: 2695COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task
                                          • String ID: cannot compare iterators of different containers$cannot use push_back() with $type must be string, but is $value
                                          • API String ID: 118556049-2711811579
                                          • Opcode ID: de5d6f4c971ed528525af043bb64d6a1cd148540575aaaf437ad282287534789
                                          • Instruction ID: 92fd5d50dd5e32b70400ddd65b9d6a856d0ae1d4a5d5f635e1d078f36ce54ef6
                                          • Opcode Fuzzy Hash: de5d6f4c971ed528525af043bb64d6a1cd148540575aaaf437ad282287534789
                                          • Instruction Fuzzy Hash: 8D533422614FC0C9EF609F25DC883DD23A5F749B9AF509616DA9D5ABDAEF34C284C304
                                          Function 00000259C2AC6F14 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
                                          • String ID: utf8
                                          • API String ID: 3069159798-905460609
                                          • Opcode ID: 4309449c26b629e9b6de698707476955217e9cbe9722d2e68f3c85218e94a805
                                          • Instruction ID: 25f6e82d7929fdcec698aac3c060da19b07236afcccae6c8b015394f6f5db496
                                          • Opcode Fuzzy Hash: 4309449c26b629e9b6de698707476955217e9cbe9722d2e68f3c85218e94a805
                                          • Instruction Fuzzy Hash: 57916A32200B40C5EF649F61DD497A923ADF78CF83F4481239A99477E9DB3AC995C748
                                          Function 00000259C2AC795C Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                          • String ID:
                                          • API String ID: 2591520935-0
                                          • Opcode ID: 5eb0d27aa7dc3a9912447742f13a9ce850b1caaedf69b48f01ffc0c9247ee539
                                          • Instruction ID: 0f7c03f326f3c70edd3aa19ffdd5c5388e3c9d21cedff9aae100a014cf851e19
                                          • Opcode Fuzzy Hash: 5eb0d27aa7dc3a9912447742f13a9ce850b1caaedf69b48f01ffc0c9247ee539
                                          • Instruction Fuzzy Hash: 42717532700A00CAFF159B61DC597A837A8BB4CF4BF4440278A9A57BD5EB3AC985C318
                                          Function 00000259C2A84710 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 410COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: __std_exception_destroy
                                          • String ID: value
                                          • API String ID: 2453523683-494360628
                                          • Opcode ID: 6739eb1e44084382e61603688e34c692cafcc2fd8894cdb90ee5299e3fffaf56
                                          • Instruction ID: 9db3670e57e0a89b2a7339dbc8e00f07611478314e68563556005d93828160e4
                                          • Opcode Fuzzy Hash: 6739eb1e44084382e61603688e34c692cafcc2fd8894cdb90ee5299e3fffaf56
                                          • Instruction Fuzzy Hash: 45027D62614FC0CAEF00CB75D8883AD6761E789BA6F505212EAED43BDADB78C1C5C704
                                          Function 00000259C2AAF920 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                          • String ID:
                                          • API String ID: 1239891234-0
                                          • Opcode ID: c7f70f128318b326f672a7b0d6647dc5eb587961ea58d1b4d09a7c2ba848fd84
                                          • Instruction ID: a1ff81d66a501c49659ce2d56aac1929f6963ef70c272e826c290432866fec6a
                                          • Opcode Fuzzy Hash: c7f70f128318b326f672a7b0d6647dc5eb587961ea58d1b4d09a7c2ba848fd84
                                          • Instruction Fuzzy Hash: 33314C36214F80D6EB64CB25EC4439E73A4F78DB5AF540116EA9D43BA5DF38C286CB04
                                          Function 00000259C2A59090 Relevance: 8.4, Strings: 6, Instructions: 916COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: content$directory_iterator::directory_iterator$exists$filename$files$key
                                          • API String ID: 0-2980817763
                                          • Opcode ID: 1bd9b4b04057703ed62958e17289e5447afc4a23408f4e6ee9393a8372b7d45b
                                          • Instruction ID: 17b0a17690f7df224238b1aec5fe070d079554b242faea51489d349539ed76a8
                                          • Opcode Fuzzy Hash: 1bd9b4b04057703ed62958e17289e5447afc4a23408f4e6ee9393a8372b7d45b
                                          • Instruction Fuzzy Hash: DDA24872611FC489DB218F24DC883DE73A5F799B5AF405626EA9C0BB99EF74C284C344
                                          Function 00000259C2A57B8D Relevance: 7.4, Strings: 5, Instructions: 1142COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: config$content$filename$status$users
                                          • API String ID: 0-2677590375
                                          • Opcode ID: 4165bd58960aafecdd003df91eb6536fe65e46e20be2c6c9dcca7782a2fe16dd
                                          • Instruction ID: e97d3f7f6b6fbc4657629932dfcee50e9dc05f57ce9c3268b86f637671dfee7f
                                          • Opcode Fuzzy Hash: 4165bd58960aafecdd003df91eb6536fe65e46e20be2c6c9dcca7782a2fe16dd
                                          • Instruction Fuzzy Hash: B7C23C62611FC189DF21DF24DC983DE6361F789B9AF405222DA9D4ABDAEF34C684C344
                                          Function 00000259C2ADBB14 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00000259C2ADBB97
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: DebugDebuggerErrorLastOutputPresentString
                                          • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                          • API String ID: 389471666-631824599
                                          • Opcode ID: e8ffe009acab376759065dd43441e42d099b308a5e20a56206d0bc25ee25ae09
                                          • Instruction ID: 502287773beef330fcd8955ceed56f32eced0a04908ab2496614149371e35168
                                          • Opcode Fuzzy Hash: e8ffe009acab376759065dd43441e42d099b308a5e20a56206d0bc25ee25ae09
                                          • Instruction Fuzzy Hash: 5B114C32210F40D7FB049B26DE883A932A4FB48B47F504126C79982A95EF78D0E4C718
                                          Function 00000259C2A502E0 Relevance: 7.0, Strings: 5, Instructions: 747COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: __std_fs_convert_wide_to_narrow$__std_fs_code_page
                                          • String ID: content$directory_iterator::directory_iterator$exists$filename$status
                                          • API String ID: 3645842244-3429737954
                                          • Opcode ID: a8971aaf6fee6977f157dfbe61e61e20bd4e64a57e8da1fa10372b5881c59e42
                                          • Instruction ID: a2e450efa3d0214b8fea76b61a36229c592b56032a11573fac23e1b99abba313
                                          • Opcode Fuzzy Hash: a8971aaf6fee6977f157dfbe61e61e20bd4e64a57e8da1fa10372b5881c59e42
                                          • Instruction Fuzzy Hash: 54725B32611FC0C9EF619F25D8843EA6360F78DB5AF549222DA8D47BA9EF74C684C704
                                          Function 00000259C2AB7348 Relevance: 6.1, APIs: 4, Instructions: 83memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Virtual$AllocInfoProtectQuerySystem
                                          • String ID:
                                          • API String ID: 3562403962-0
                                          • Opcode ID: 324fd5cd604fef47d1152131e1f7c01459585a6c12e9a2e3e67a5e0172bc20d3
                                          • Instruction ID: b3d8260595ba88d2a80c70cf617242940ab5bc68be2a69b7e6a7ac44bbb2d452
                                          • Opcode Fuzzy Hash: 324fd5cd604fef47d1152131e1f7c01459585a6c12e9a2e3e67a5e0172bc20d3
                                          • Instruction Fuzzy Hash: 54313732310A80DEDB20CF35DC587D963A5F74CB8AF844026EA8D47B98DB38D686C704
                                          Function 00000259C2ACDC18 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                          • String ID:
                                          • API String ID: 2933794660-0
                                          • Opcode ID: f06392d29159ea5021ae0933302a5494cfde722d0989828b5d6bd782ea4d1856
                                          • Instruction ID: ac39c56c252752ae948c59d9e14d45bc74550bb9230537aba3f4549158efcd0f
                                          • Opcode Fuzzy Hash: f06392d29159ea5021ae0933302a5494cfde722d0989828b5d6bd782ea4d1856
                                          • Instruction Fuzzy Hash: F011FA26710F01CAEF00DF60EC593A833A4F75DB5AF441E26EAAD46BA4DF78C1958354
                                          Function 00000259C2A88950 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 376COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: __std_exception_copy
                                          • String ID: parse_error$value
                                          • API String ID: 592178966-1739288027
                                          • Opcode ID: ecccdd723cc9930d84514b897044e7338d1ab82e9746f924356a8bea6347d9a9
                                          • Instruction ID: 46145bb994dbcacdab74707af347fee887b9a920546e62ac56fb46883898f811
                                          • Opcode Fuzzy Hash: ecccdd723cc9930d84514b897044e7338d1ab82e9746f924356a8bea6347d9a9
                                          • Instruction Fuzzy Hash: 46F19F62A10E84D9EF00DF64DC593ED2322F79DB9AF905213AA8C56ADAEF74C185C344
                                          Function 00000259C2A5A1F0 Relevance: 5.6, Strings: 4, Instructions: 609COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: content$directory_iterator::directory_iterator$exists$filename
                                          • API String ID: 0-1400943384
                                          • Opcode ID: d92f4d0aab53d789c1591f50fd56a96dda56f9b3aff1918d571ab19eca3d0f56
                                          • Instruction ID: 4737e19e3dc732a2bcad954c10ec3bd878139ba3eecfca4cacb165ed7499b567
                                          • Opcode Fuzzy Hash: d92f4d0aab53d789c1591f50fd56a96dda56f9b3aff1918d571ab19eca3d0f56
                                          • Instruction Fuzzy Hash: 64526C72610FC4CAEB608F69E8443DE73A1F789B9AF405212EA9D47B99EF74C580C704
                                          Function 00000259C2AAB68A Relevance: 5.6, Strings: 4, Instructions: 563COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: __std_exception_destroy
                                          • String ID: array$object$object key$object separator
                                          • API String ID: 2453523683-2277530871
                                          • Opcode ID: 9c7edec81dc448aff70d24d02dc47a3d94d478b34c0c2cec5b208f141bd3f369
                                          • Instruction ID: e7085b2a59f999d679b882c0e297f8cad87c1acdbea060fd8894be6918283a6c
                                          • Opcode Fuzzy Hash: 9c7edec81dc448aff70d24d02dc47a3d94d478b34c0c2cec5b208f141bd3f369
                                          • Instruction Fuzzy Hash: FC329322614E84D6EF00DF34C8593ED6321FB9EB86F802513EA89577DAEB74C684C748
                                          Function 00000259C2AC19B8 Relevance: 5.5, APIs: 3, Instructions: 1005COMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: _get_daylight$_invalid_parameter_noinfo
                                          • String ID:
                                          • API String ID: 1286766494-0
                                          • Opcode ID: 3362572290862af57679fdc4baef7ebaaf60df3fe4e64099d27ff34f0326e21c
                                          • Instruction ID: 1fe72856e926bb297076f160ce2521f7a7e638b03ae074e2c70e8e2eabdfb997
                                          • Opcode Fuzzy Hash: 3362572290862af57679fdc4baef7ebaaf60df3fe4e64099d27ff34f0326e21c
                                          • Instruction Fuzzy Hash: C2929D32204B80C6EF658F289D5826937A9F749F8BF548117DBC507BD9DB3AC994C708
                                          Function 00000259C2AD9480 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41windowCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FormatInfoLocaleMessage
                                          • String ID: !x-sys-default-locale
                                          • API String ID: 4235545615-2729719199
                                          • Opcode ID: f19c835850623712fbca22d426e0c2013945c380ca8add72a55f3f09a2f97b50
                                          • Instruction ID: 98ea601d609e58cf4e4a1e1ccd11365a4e2c2df7741a45c3492e7cca4c9c5949
                                          • Opcode Fuzzy Hash: f19c835850623712fbca22d426e0c2013945c380ca8add72a55f3f09a2f97b50
                                          • Instruction Fuzzy Hash: 99018072704F85C2FB218B12B85879A67A5F389B87F444026DAC947BD9CB3CC985C708
                                          Function 00000259C2AB2CD0 Relevance: 4.8, APIs: 3, Instructions: 340COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: memcpy_s
                                          • String ID:
                                          • API String ID: 1502251526-0
                                          • Opcode ID: e899307af8ea146bffc4d3d3e4071cf966dfaa801a3502f7d3bb1face14528cf
                                          • Instruction ID: 97193832823ecf657f66ee19884ffead6d267aafd01e20192c32bac4bea41a86
                                          • Opcode Fuzzy Hash: e899307af8ea146bffc4d3d3e4071cf966dfaa801a3502f7d3bb1face14528cf
                                          • Instruction Fuzzy Hash: F6C12772715A84C7EF24CF1AE84876AB7A5F388B86F418127DB8A437C4D739D845CB44
                                          Function 00000259C2A906A6 Relevance: 4.4, Strings: 3, Instructions: 653COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: 2OWqJZldB3s=$port$rXwr2/Mp0kvTmn+hdCWeFmDWltFpcKXkn/UOvH+3cNE=
                                          • API String ID: 0-1454942929
                                          • Opcode ID: fc2163450dead3b7ff2f94c13cbc764888e18f3445c3685658d373d3d4dd4d6e
                                          • Instruction ID: 63708673b33167915642d51eed6175f83e5c499f7ac3fabd91c3ab1031eefaa7
                                          • Opcode Fuzzy Hash: fc2163450dead3b7ff2f94c13cbc764888e18f3445c3685658d373d3d4dd4d6e
                                          • Instruction Fuzzy Hash: 78726072629FC4C5EA60CB25E88439AB3A4F7D9B85F505216EBCD13B99DF38C185CB04
                                          Function 00000259C2A56130 Relevance: 3.9, Strings: 2, Instructions: 1357COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: Software$exists
                                          • API String ID: 0-2364128853
                                          • Opcode ID: 8e57a09e20af07ecd921f6856e5cca299930e26b060332fb4e4f5cca0387100e
                                          • Instruction ID: 8ba7b0f10d48f1a2d469742d8d48286bd53f91d36b38ff3b3b45a7dd9d686ba0
                                          • Opcode Fuzzy Hash: 8e57a09e20af07ecd921f6856e5cca299930e26b060332fb4e4f5cca0387100e
                                          • Instruction Fuzzy Hash: F0D24A72A10FC4CAEB20CF29D8443DE63A4F789B9AF105216EA9D56BE9DF74C581C304
                                          Function 00000259C2A686D0 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 311COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task
                                          • String ID: vector<bool> too long
                                          • API String ID: 118556049-842332957
                                          • Opcode ID: 5e13b41a6391bdc78a93b1e6faf195b367b93dbf385dd2a40b21e873329d8f30
                                          • Instruction ID: a51491f06962703912691e13604e1796aa877a9bdcc00800c18cbd6443fc716f
                                          • Opcode Fuzzy Hash: 5e13b41a6391bdc78a93b1e6faf195b367b93dbf385dd2a40b21e873329d8f30
                                          • Instruction Fuzzy Hash: 5DC19922A14F80CAEB14CF65D8483AD6374F39DB9AF105226EE9C13B99EB78C5C5C704
                                          Function 00000259C2A6E130 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 310COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task
                                          • String ID: conditional not closed
                                          • API String ID: 118556049-2481790218
                                          • Opcode ID: 4c118f331d096cfae55408887399e4e11ae0b8c8b43513295bcda257272f610d
                                          • Instruction ID: 1a7a2e91f4045d4696c307787f0fa0694dc19294f22bd8a7a16cab49abca07d0
                                          • Opcode Fuzzy Hash: 4c118f331d096cfae55408887399e4e11ae0b8c8b43513295bcda257272f610d
                                          • Instruction Fuzzy Hash: 24D15772601F84C4EF60CF20ED487E977A5F75DB8AF545123AA890AB99EB78C694C304
                                          Function 00000259C2ABC1A8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: InfoLocale
                                          • String ID: GetLocaleInfoEx
                                          • API String ID: 2299586839-2904428671
                                          • Opcode ID: 0fc81d44bec917c2802c26d4724ac6a513cb7d03bb6cf24fcfbb40603345bdc0
                                          • Instruction ID: 32d76488ad77d8364f835fc6bb5e3fdf5fe7b411fef9407c14ab2a80baf4d28b
                                          • Opcode Fuzzy Hash: 0fc81d44bec917c2802c26d4724ac6a513cb7d03bb6cf24fcfbb40603345bdc0
                                          • Instruction Fuzzy Hash: DC018F20700F80D9EF009B56B80868AA761A78DFD2F584127DE8903BD9CE3CC5828348
                                          Function 00000259C2A96760 Relevance: 3.4, APIs: 2, Instructions: 391COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ExecuteFileModuleNameShell
                                          • String ID:
                                          • API String ID: 1703432166-0
                                          • Opcode ID: 8901576b6b951cda90eafd5a26a20cf5036267e5f0251a3f68b90dfb841a72b1
                                          • Instruction ID: 9ba58b83dab4b2d0530d6244884af10e4be20596a8b759f10d6c89a3d9caa7ab
                                          • Opcode Fuzzy Hash: 8901576b6b951cda90eafd5a26a20cf5036267e5f0251a3f68b90dfb841a72b1
                                          • Instruction Fuzzy Hash: B9120B72625F848ADB40CF29E88469EB3A5F788B98F505216FEDD57B58EB38C190C740
                                          Function 00000259C2ABF7F4 Relevance: 3.2, APIs: 2, Instructions: 227COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ExceptionRaise_clrfp
                                          • String ID:
                                          • API String ID: 15204871-0
                                          • Opcode ID: 57a16f90b848e9bfce21c4af82cc5806e79d9fd20c8b8e6b755f3e4c735a4a33
                                          • Instruction ID: e7f046bf48f3a04d326f1e3894e030a7f71244d5944fa4448bc09f21a4963ee1
                                          • Opcode Fuzzy Hash: 57a16f90b848e9bfce21c4af82cc5806e79d9fd20c8b8e6b755f3e4c735a4a33
                                          • Instruction Fuzzy Hash: FBB10C77600B84CBEB59CF29C84A35C7BA0F349F5AF198916EA99877E4CB39C491C704
                                          Function 00000259C2AA0500 Relevance: 3.2, APIs: 2, Instructions: 187COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: DevicesDisplayEnum
                                          • String ID:
                                          • API String ID: 2211661463-0
                                          • Opcode ID: 5b7a4cb8399f14eb31c53a614e82d760a5fe78c60bb34002ad903755df935223
                                          • Instruction ID: 103cdb42a268533598903d6de07b9542661b08aba22dbc50e33a754fbd291b5e
                                          • Opcode Fuzzy Hash: 5b7a4cb8399f14eb31c53a614e82d760a5fe78c60bb34002ad903755df935223
                                          • Instruction Fuzzy Hash: 6781CD32614F80C6EB20CF25E84839E77A5F788B99F505216EED817B99DF78C281CB04
                                          Function 00000259C2A55EE0 Relevance: 3.1, APIs: 2, Instructions: 145encryptionCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CryptDataFreeLocalUnprotect
                                          • String ID:
                                          • API String ID: 1561624719-0
                                          • Opcode ID: de58b49e5d54267f330502164efeee638c94e0596424ba388b0548b5f4130cdb
                                          • Instruction ID: 9aaf8944bd4433b42d7a1a9360e27cfca8a7ebbb2694853e73eed6a44ab9e5e6
                                          • Opcode Fuzzy Hash: de58b49e5d54267f330502164efeee638c94e0596424ba388b0548b5f4130cdb
                                          • Instruction Fuzzy Hash: 52617D32B14B80DAFB10DFB4E84439D73A1E759B8DF048226EA8916FD9DB78C594C344
                                          Function 00000259C2A921C0 Relevance: 3.1, APIs: 2, Instructions: 86encryptionCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CryptDataFreeLocalProtect
                                          • String ID:
                                          • API String ID: 2714945720-0
                                          • Opcode ID: 6da8b2380d1e6afdbe15ad09ed0a82a6e20629f9e1f2d0947d1afcdde56a6e99
                                          • Instruction ID: 414ed17d1295291e8994b81ae12150501df9910e73cddd7941c34b78c98c963f
                                          • Opcode Fuzzy Hash: 6da8b2380d1e6afdbe15ad09ed0a82a6e20629f9e1f2d0947d1afcdde56a6e99
                                          • Instruction Fuzzy Hash: B8415B33614B80CAFB209F74D8443DD77A4F759B8DF04422AEB8806E8ADB79C5A4C348
                                          Function 00000259C2A928C0 Relevance: 3.0, Strings: 2, Instructions: 529COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: %$+
                                          • API String ID: 0-2626897407
                                          • Opcode ID: b54e24ea2d3894df035ee9040a2acd847d033f699fed1c2709722eddc90e2de6
                                          • Instruction ID: 41775c7c4bc5e6da5dc03d4cf78f11ffe723a8274eccb504ff758ac503710c9e
                                          • Opcode Fuzzy Hash: b54e24ea2d3894df035ee9040a2acd847d033f699fed1c2709722eddc90e2de6
                                          • Instruction Fuzzy Hash: E3223523718E80CAFF21DB66D8543ED67A1A75DBAAF044213DE8917BC9DB38C485C348
                                          Function 00000259C2AC29F4 Relevance: 2.9, Strings: 2, Instructions: 358COMMONLIBRARYCODE
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: a/p$am/pm
                                          • API String ID: 0-3206640213
                                          • Opcode ID: dad867be523f7f4d56baa7635c1cdc645b8584f083e4b69fc353e0e6fb1d2414
                                          • Instruction ID: ba41c6eea1ee4edec715b61067a2fa770603c9d509d6d2976ccf99971a8c72ca
                                          • Opcode Fuzzy Hash: dad867be523f7f4d56baa7635c1cdc645b8584f083e4b69fc353e0e6fb1d2414
                                          • Instruction Fuzzy Hash: 43E1BC72604A40C5EF688F248D5C7B927A9FB68F87F554103EA8A57BD4DB3AC9C1C708
                                          Function 00000259C2A4FEE0 Relevance: 2.7, Strings: 2, Instructions: 226COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: dumps$emoji
                                          • API String ID: 0-2873254224
                                          • Opcode ID: f7c1d0fb9677e435d25e24cad687abe55fd77fc57aacf0daad7dd5b9b370ae1b
                                          • Instruction ID: fd8dd61507504d70d770eed575852e360c24f1a15a4b66de347fe8a52a0e9e09
                                          • Opcode Fuzzy Hash: f7c1d0fb9677e435d25e24cad687abe55fd77fc57aacf0daad7dd5b9b370ae1b
                                          • Instruction Fuzzy Hash: F9B11C22928FC486D760CB25E88165AB7A4F79DB84F546316FFCD13B59DB38D290CB04
                                          Function 00000259C2A755B0 Relevance: 2.0, APIs: 1, Instructions: 455COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task
                                          • String ID:
                                          • API String ID: 118556049-0
                                          • Opcode ID: 6c29bfcbf4af02599662019b9b632f87c035addbb376791c7633461b336fa7bf
                                          • Instruction ID: 9cf13dabbe679a0674326304d09832c567bcbe15398cbb924c603cfc876cd9a1
                                          • Opcode Fuzzy Hash: 6c29bfcbf4af02599662019b9b632f87c035addbb376791c7633461b336fa7bf
                                          • Instruction Fuzzy Hash: 56027962711F84C6EE10CBA5E85839E63B1E348F9AF548622DE9C177D5EB34C495C388
                                          Function 00000259C2A8CF70 Relevance: 1.7, APIs: 1, Instructions: 232COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task
                                          • String ID:
                                          • API String ID: 118556049-0
                                          • Opcode ID: 474e3a437ea233f98959df63cb75406d1df34f3a045781f6baf1a50faa7e5945
                                          • Instruction ID: 9654ff3e88f150438cbdcb8bf917705535faa74da667875720a2573f0425b11c
                                          • Opcode Fuzzy Hash: 474e3a437ea233f98959df63cb75406d1df34f3a045781f6baf1a50faa7e5945
                                          • Instruction Fuzzy Hash: 2FA17722611F98CAEF00CBBAD8843AC67B0F359B4AF948416DF8D57B99DB38C195C354
                                          Function 00000259C2A8C930 Relevance: 1.7, APIs: 1, Instructions: 221COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task
                                          • String ID:
                                          • API String ID: 118556049-0
                                          • Opcode ID: c119fda8a9de2da8aa704513d54b9ca19ba9b462ee068ab1662025d9693643fb
                                          • Instruction ID: 5951dfa02731ffb85e38def13db5bcecaca408861e2f961576f8d0b12c5f2748
                                          • Opcode Fuzzy Hash: c119fda8a9de2da8aa704513d54b9ca19ba9b462ee068ab1662025d9693643fb
                                          • Instruction Fuzzy Hash: 67A18962601F98DAEF04CBAAD8843AC77B1F319B4AF948416DF8D53B99DB38C191C354
                                          Function 00000259C2A8CC50 Relevance: 1.7, APIs: 1, Instructions: 221COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task
                                          • String ID:
                                          • API String ID: 118556049-0
                                          • Opcode ID: 8e26d5924d2bdda6809c7ba14e83fc4a85feecd9e9e7ccd546660065fe342c69
                                          • Instruction ID: a9512c67e02628c05ca13743c929787afb636b0be9101498471687ee16e25119
                                          • Opcode Fuzzy Hash: 8e26d5924d2bdda6809c7ba14e83fc4a85feecd9e9e7ccd546660065fe342c69
                                          • Instruction Fuzzy Hash: 58A19963611B98DAEF04CBAAD8843AC37B1F359B4AF948416DF8D53B99DB38C091C740
                                          Function 00000259C2A8C600 Relevance: 1.7, APIs: 1, Instructions: 220COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task
                                          • String ID:
                                          • API String ID: 118556049-0
                                          • Opcode ID: 2c2d4eec14a64dcafd5ce3643fe487428c14e8435e54e1261b7e81d14bf6b778
                                          • Instruction ID: a2e49c6721a4f3fc75274ab6c410ed00a159cf09fbc36322f0d204ceb63539dc
                                          • Opcode Fuzzy Hash: 2c2d4eec14a64dcafd5ce3643fe487428c14e8435e54e1261b7e81d14bf6b778
                                          • Instruction Fuzzy Hash: 6FA19922B15F98DAEB04CBAAD8843AC37B1F359B4AF945126DF8D57B95DB38C091C300
                                          Function 00000259C2A8C300 Relevance: 1.7, APIs: 1, Instructions: 214COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task
                                          • String ID:
                                          • API String ID: 118556049-0
                                          • Opcode ID: 468506bd705783cb04321f8421e7cee2424660cea4b76ff9ef63ca7c48a70ec2
                                          • Instruction ID: 298e44344a03fe9d4466374378c3dea165a4546cf591e5e43506981c1cea317c
                                          • Opcode Fuzzy Hash: 468506bd705783cb04321f8421e7cee2424660cea4b76ff9ef63ca7c48a70ec2
                                          • Instruction Fuzzy Hash: 09A1AA62711B98DAEF04CBA9D8883AC77B1F319B4AF948416CF8D57B95DB38C191C344
                                          Function 00000259C2A8D2A0 Relevance: 1.7, APIs: 1, Instructions: 210COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task
                                          • String ID:
                                          • API String ID: 118556049-0
                                          • Opcode ID: adea9a2f053ff77c94f107ab8ec5be1b99452ae781f7e1d9d0e1f39d926e6c83
                                          • Instruction ID: a59bf3ef5cd1e38328dad951aa9314b0edfa237304c635f9ef2992152d5b24a6
                                          • Opcode Fuzzy Hash: adea9a2f053ff77c94f107ab8ec5be1b99452ae781f7e1d9d0e1f39d926e6c83
                                          • Instruction Fuzzy Hash: 5BA16666601F98CAEF04CBBAE8843AC67B0F359B4AF948416CF8D57B95DB38D091C354
                                          Function 00000259C2AC7270 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ErrorLast$EnumLocalesSystemValue
                                          • String ID:
                                          • API String ID: 3029459697-0
                                          • Opcode ID: 58800bb6c4d0d9c609f2f6f306793987a7a581936cd52f064e9451565f60872b
                                          • Instruction ID: 9d79cfa457b612c858477d391f44b42df81d39e5ca57718ec5accdb29b56f9cf
                                          • Opcode Fuzzy Hash: 58800bb6c4d0d9c609f2f6f306793987a7a581936cd52f064e9451565f60872b
                                          • Instruction Fuzzy Hash: 9911E463A14A44CAEF148F2AD8447987BA8F354FE2F448116DA95473C4CB35C5D1C744
                                          Function 00000259C2A79A10 Relevance: 1.6, Strings: 1, Instructions: 304COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: .
                                          • API String ID: 0-248832578
                                          • Opcode ID: 3daecdbd55c9c22db29b6e9ecc3dd405d8fe90d94cda49bc0af5f93eb4a6cfc3
                                          • Instruction ID: 31833fb43dd1f77267fdce13ea488133c8dca7573046173d2412f3ac22518219
                                          • Opcode Fuzzy Hash: 3daecdbd55c9c22db29b6e9ecc3dd405d8fe90d94cda49bc0af5f93eb4a6cfc3
                                          • Instruction Fuzzy Hash: 1DC15E22200F86C6EF60CE25D8683A963A5F38DF96F544213EB99437D9DB78D881C34C
                                          Function 00000259C2AC7340 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ErrorLast$EnumLocalesSystemValue
                                          • String ID:
                                          • API String ID: 3029459697-0
                                          • Opcode ID: fd6ab9fb082eedb8b2c8f5dae22463227a7604b7e6560a2cecb061507bc0ecca
                                          • Instruction ID: 52bd42e97fc3546e55483ceb62fd01885de926f1ca4a4c14dc596dcd41f8f175
                                          • Opcode Fuzzy Hash: fd6ab9fb082eedb8b2c8f5dae22463227a7604b7e6560a2cecb061507bc0ecca
                                          • Instruction Fuzzy Hash: C201B172704A80C6EF144F56EC48B9977E9E748FA7F458263DAA1477C4CB75C8C18708
                                          Function 00000259C2A8F1C7 Relevance: 1.5, APIs: 1, Instructions: 34comCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: BlanketCreateInstanceProxy
                                          • String ID:
                                          • API String ID: 1899829610-0
                                          • Opcode ID: 090b67bd202e28ba5db5dc4b677ffd3c3d0e2274786d4c4dd6ee0b60b436dba7
                                          • Instruction ID: 689e623c25175e8219ffc61f5dd92755d83cbd18476927334951109c267a1828
                                          • Opcode Fuzzy Hash: 090b67bd202e28ba5db5dc4b677ffd3c3d0e2274786d4c4dd6ee0b60b436dba7
                                          • Instruction Fuzzy Hash: AE016222701E50C7FF22DB65E8053ADA765A74CB5AF8005178F8943B95EF38C1C6C388
                                          Function 00000259C2ABBC68 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: EnumLocalesSystem
                                          • String ID:
                                          • API String ID: 2099609381-0
                                          • Opcode ID: f8325550294e071d185dd7c07cc84b153cedbfbab89d167ada8b5b9da10e3d51
                                          • Instruction ID: 69adb25c537d72faa704f8fa62fb419b35e63d835b59fc90c8284f8c6c044fec
                                          • Opcode Fuzzy Hash: f8325550294e071d185dd7c07cc84b153cedbfbab89d167ada8b5b9da10e3d51
                                          • Instruction Fuzzy Hash: 90F01976300E44C2EB04DB65EC946993365F79DB82F549026EA89877A5DE38C5D1C308
                                          Function 00000259C2A483D0 Relevance: .8, Instructions: 795COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b9b8fdb5bbf29e83ba46770476c642bc1a2f153b56793c0f77b40a01b05bd800
                                          • Instruction ID: 5e7029dc79396118cfec24c83c11064ecfdbbb73173da15ded912c5fc3be0190
                                          • Opcode Fuzzy Hash: b9b8fdb5bbf29e83ba46770476c642bc1a2f153b56793c0f77b40a01b05bd800
                                          • Instruction Fuzzy Hash: 2CA29236615FC88AD7408FAAEC8119D73BAF749BA8B101629EFCC57F19EBB4C1548740
                                          Function 00000259C2A45520 Relevance: .8, Instructions: 792COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d994d20f84aa1386fd0f79cb4df871a2668494586329fb3d57151dc71e3222dc
                                          • Instruction ID: b1f0041820b2c78a17a68a2fc0532893d8749f029e49aad223f3f72ef70af6fc
                                          • Opcode Fuzzy Hash: d994d20f84aa1386fd0f79cb4df871a2668494586329fb3d57151dc71e3222dc
                                          • Instruction Fuzzy Hash: 5592D832915FC88AD7718F25E88129AB3A8F79D788F505316EACC16B59EF78C394C704
                                          Function 00000259C2A766A0 Relevance: .4, Instructions: 361COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ff8ff783da37649173626c7f7158936b22345755ff077d27462f74136c1878ba
                                          • Instruction ID: 224ec432028845ab9b7b077783ed82d8b9a9cab01dae94a55f26f53e49d1fd49
                                          • Opcode Fuzzy Hash: ff8ff783da37649173626c7f7158936b22345755ff077d27462f74136c1878ba
                                          • Instruction Fuzzy Hash: 36C14873721AA487EB56CF56D9587A9B762F3D8FD1F45C121DE8A03B94C638C882C704
                                          Function 00000259C2A26610 Relevance: .3, Instructions: 346COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f2e47488768c35e6cc6abc03d29711516037972d3efd2b60ee3509700c14b337
                                          • Instruction ID: 47e0d4fd224afc296478a836ac7b4240b6670018439c043213310ecfc90cc391
                                          • Opcode Fuzzy Hash: f2e47488768c35e6cc6abc03d29711516037972d3efd2b60ee3509700c14b337
                                          • Instruction Fuzzy Hash: 9412D732515FC88AD7718F29E84139AB3A4F78DB48F545316EACC57B59EB38C294CB04
                                          Function 00000259C2A8FDB0 Relevance: .3, Instructions: 323COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 34fb1097c6f2363caac24c1e5b45ae24c1a6ca50cb597d280e611698873f3a91
                                          • Instruction ID: a8eb1e65f18d1b1273c1b740889c371b7478be6517504c8fa8cae1c436407acd
                                          • Opcode Fuzzy Hash: 34fb1097c6f2363caac24c1e5b45ae24c1a6ca50cb597d280e611698873f3a91
                                          • Instruction Fuzzy Hash: 4EC1C2B3A146948BE355CF2DD40195D7BA0F398B84F40A629EB56C3B01E778E9A5CF80
                                          Function 00000259C2A46510 Relevance: .3, Instructions: 314COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 58385eaf4bb05c4dd650fe9c3293d5d132ea8d53e59e9018c70652c9bfdaf018
                                          • Instruction ID: b2a1789807e2692515b88106a70a4e36328e1b0da54e1552fe67542d31b1ee16
                                          • Opcode Fuzzy Hash: 58385eaf4bb05c4dd650fe9c3293d5d132ea8d53e59e9018c70652c9bfdaf018
                                          • Instruction Fuzzy Hash: 7002D632A15FC489D7628F79EC413D977A4F7AD788F105216EACC2AB59EBB4C294C700
                                          Function 00000259C2AB8C34 Relevance: .3, Instructions: 309COMMONLIBRARYCODE
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
                                          • String ID:
                                          • API String ID: 4023145424-0
                                          • Opcode ID: f39b52ed8424437b231758bdb93ffc4f840ea96165d05f634ae1d9fa5926c97e
                                          • Instruction ID: b1861ca3df135581247d4f3b99b44aa0b59eb8b4f0759dca9ffa69f12ba3ec37
                                          • Opcode Fuzzy Hash: f39b52ed8424437b231758bdb93ffc4f840ea96165d05f634ae1d9fa5926c97e
                                          • Instruction Fuzzy Hash: F1C1C376200B80C9EF64DB669C187AA67A5F798F8BF404017DEC987BD8DB39C585C708
                                          Function 00000259C2AB088C Relevance: .3, Instructions: 287COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 58993cc49f4dd608ba7a820bbbd73e261f21bf312b089c0bcad54f873d9ee38f
                                          • Instruction ID: 04e06248207cb9f9156e0b2b4484b5893e48a9d7190d23c4a0b4b886879f7d4a
                                          • Opcode Fuzzy Hash: 58993cc49f4dd608ba7a820bbbd73e261f21bf312b089c0bcad54f873d9ee38f
                                          • Instruction Fuzzy Hash: 5D914933310A44CAFE244E2798583BA2690B75DF9BF15062ADED6477C1EE38C585D70C
                                          Function 00000259C2AB58D0 Relevance: .3, Instructions: 285COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 29683b013f8ac11bc27aba6a7a5ac6f6d500d56baa688bda10aee56a2ac3d60c
                                          • Instruction ID: 142a680ddc9b9ee36371ecb332f156b6248650bba52b251bad6a782535b9cc29
                                          • Opcode Fuzzy Hash: 29683b013f8ac11bc27aba6a7a5ac6f6d500d56baa688bda10aee56a2ac3d60c
                                          • Instruction Fuzzy Hash: 81C1CA72600A40C6EF28CF29C89836D37A1E70AF4BF24421ACE89177D5DB35C88AC748
                                          Function 00000259C2AB5044 Relevance: .2, Instructions: 247COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 961d3e7eb4dbe1c42d41fae25b585760f3c2351026af9e0dc6bb8535c2ebc898
                                          • Instruction ID: 4a2c227b22cbb4fda3d223954617d84cc2c99245ec6506a2f3db86369be46adf
                                          • Opcode Fuzzy Hash: 961d3e7eb4dbe1c42d41fae25b585760f3c2351026af9e0dc6bb8535c2ebc898
                                          • Instruction Fuzzy Hash: 24B17B72505B84CAEB648F39D8A836C3BA4F34DF4AF284116CB8A473D5DB76C485DB48
                                          Function 00000259C2AB7060 Relevance: .2, Instructions: 207COMMONLIBRARYCODE
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: _invalid_parameter_noinfo
                                          • String ID:
                                          • API String ID: 3215553584-0
                                          • Opcode ID: 091f4ed8b1e5dd1d34995432db1c011eef8551be6e7d0024f18eedab46e94d23
                                          • Instruction ID: f792a864a84f8dc0e9fe72bdb11f6fed7ce7119c96053b851058351e1f357220
                                          • Opcode Fuzzy Hash: 091f4ed8b1e5dd1d34995432db1c011eef8551be6e7d0024f18eedab46e94d23
                                          • Instruction Fuzzy Hash: 63817C32600E50C6EF64CE25D88936963A4F788FAAF549617EE9E977D5CF35C181C308
                                          Function 00000259C2A26D20 Relevance: .2, Instructions: 203COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4e8cb9989ebccae2b4934454dacc3e473b3a3bc5e9d1377eb956669a5a9cd281
                                          • Instruction ID: 0eb7928f15fb4ac7a1504553ee7606cadbec63f6b4643022e37d3a6f3af44fa8
                                          • Opcode Fuzzy Hash: 4e8cb9989ebccae2b4934454dacc3e473b3a3bc5e9d1377eb956669a5a9cd281
                                          • Instruction Fuzzy Hash: BAB1F532915FC88ADB108FA9EC40299B7B5F799BA8F145316EACC13F59EB74C194C700
                                          Function 00000259C2ADE2CC Relevance: .2, Instructions: 183COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: _invalid_parameter_noinfo
                                          • String ID:
                                          • API String ID: 3215553584-0
                                          • Opcode ID: 0101b5bfc7e861b0726451e18251d4484926b191a0e7c85200f779e0e00e1385
                                          • Instruction ID: 2eedaba883c9c4cc150e7e86e96e18b1cd0b8ee79d4352ae0aaa03f7d552896b
                                          • Opcode Fuzzy Hash: 0101b5bfc7e861b0726451e18251d4484926b191a0e7c85200f779e0e00e1385
                                          • Instruction Fuzzy Hash: AF61E532704F90C6FF688A288D5C37D6691A74CF77F18462BEA96877C5E676C8C08708
                                          Function 00000259C2A901F0 Relevance: .2, Instructions: 174COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8564914535ee6488183395aa034df85c3b96b43cc627a35cfc23d0d483c1855f
                                          • Instruction ID: caeae3ee2ae4154d0322a73734fafb58dfe9ece4873dbabd965b51fcb26aaed9
                                          • Opcode Fuzzy Hash: 8564914535ee6488183395aa034df85c3b96b43cc627a35cfc23d0d483c1855f
                                          • Instruction Fuzzy Hash: 5561EE2321E2C48FD30EDF7C589106D7F61D3A7908388469DEAC5EBB4BC514C95ACBA6
                                          Function 00000259C2A98230 Relevance: .2, Instructions: 156COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 08e682c8f50e6a31ebca66eccf7bc014078cfb37ed238d168109819e35b8cd79
                                          • Instruction ID: e5bf60ed8f0e3f4a3404d39f50f4e92fecc54de4515b755c0b2e1201509653df
                                          • Opcode Fuzzy Hash: 08e682c8f50e6a31ebca66eccf7bc014078cfb37ed238d168109819e35b8cd79
                                          • Instruction Fuzzy Hash: 5F51E4A3B0568443DB248B49FC42796F7A5FB987C5F00A126EE8D57B68EB3CD581C700
                                          Function 00000259C2AB4A00 Relevance: .1, Instructions: 145COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
                                          • Instruction ID: e3aa87d8eb24aa10caa25f81c1a648a536ea21e1c1fcd313d3f99f1625115851
                                          • Opcode Fuzzy Hash: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
                                          • Instruction Fuzzy Hash: A9517E36214E50CAEF248B29C86832937A0E38DF5BF244116CF89577E9D7B6D892D748
                                          Function 00000259C2AB47FC Relevance: .1, Instructions: 145COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
                                          • Instruction ID: c349be6be2e03ace2b70ca23880eeef567af32c84e6c7d05750c2c2b1a2ec706
                                          • Opcode Fuzzy Hash: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
                                          • Instruction Fuzzy Hash: 81515D36614EA0CAEF248F29C86836837A0F34DF5AF249112DAC9577E5C7B6D893C744
                                          Function 00000259C2AB45F8 Relevance: .1, Instructions: 145COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
                                          • Instruction ID: 2f922814ad9a1212f4ddd363883f7dfe7ded22a6f3edac5c8275d2f182a1e42b
                                          • Opcode Fuzzy Hash: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
                                          • Instruction Fuzzy Hash: 94517076210E50CAEB248B29C86832837B1E75DF5BF244112CE8957BE5D7B6DCD2C784
                                          Function 00000259C2AC9EA0 Relevance: .1, Instructions: 126COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 485612231-0
                                          • Opcode ID: 7d3dc9fee99d1a793cda94341ed908f3bcfa2b26da772502c09f4d0e1d5ddaa1
                                          • Instruction ID: cfca33dd1ae89294fc09d0de4546bbf0af9ffc9b0e1f894f069797ad6c7030a4
                                          • Opcode Fuzzy Hash: 7d3dc9fee99d1a793cda94341ed908f3bcfa2b26da772502c09f4d0e1d5ddaa1
                                          • Instruction Fuzzy Hash: 8F41B172310E5482EF04CF6AD958669A3A5B34CFD5F499427EE8D87B98DE3EC5828304
                                          Function 00000259C2AF2008 Relevance: .0, Instructions: 34COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 65fcb47a17adf94f373ff647ddafb07328eb1c747429ddd71517b78256354565
                                          • Instruction ID: 39f9551bc196dee42667cdcd7dd53921c794c05e67c32c74441ae4c1b3b3946b
                                          • Opcode Fuzzy Hash: 65fcb47a17adf94f373ff647ddafb07328eb1c747429ddd71517b78256354565
                                          • Instruction Fuzzy Hash: 37F0C247A1DFD09AF75256240C7E3841F91D396D23F4D404B8AC083FDB945A8D47D206
                                          Function 00000259C2AF22D8 Relevance: .0, Instructions: 24COMMONLIBRARYCODE
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d53a79903260b7a4f0e6c71e7ffc168a0f2adb2b336afcda935cdf6e025e0c2f
                                          • Instruction ID: 49859890d9cd06beca0c6a1930313adfdf0ba321e8e1a67fbe0da3967b953ced
                                          • Opcode Fuzzy Hash: d53a79903260b7a4f0e6c71e7ffc168a0f2adb2b336afcda935cdf6e025e0c2f
                                          • Instruction Fuzzy Hash: 86F01DDBE5FED086FBA295240D3E20C6ED2D3B9E07F1D418B8B84037C3A419AC85521A
                                          Function 00000259C2AF2398 Relevance: .0, Instructions: 15COMMONLIBRARYCODE
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 91d01cb9ed2bd3d2d45766b86e1c76849cdc335525e86e8d4b249a2a0640e502
                                          • Instruction ID: 45b50ae603be924a2d4d8b4b138ed4133a62d59910ba1fb8f4bced074070dffd
                                          • Opcode Fuzzy Hash: 91d01cb9ed2bd3d2d45766b86e1c76849cdc335525e86e8d4b249a2a0640e502
                                          • Instruction Fuzzy Hash: 9AE04FC7A4DEC099F71646600C3F6082ED1977AE13B4D81DF878403BD3B45DAC018312
                                          Function 00000259C2AF26E0 Relevance: .0, Instructions: 5COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a42a01495bc10c92585e70db87d9dd7e84e2cd6d90333ee8a624f4433841b9f2
                                          • Instruction ID: 72dc1379d307df9fe2eef78a8eee362180b80f93c600c0d0ee3ed3a63e60d1bd
                                          • Opcode Fuzzy Hash: a42a01495bc10c92585e70db87d9dd7e84e2cd6d90333ee8a624f4433841b9f2
                                          • Instruction Fuzzy Hash: 4AA01253308890C6F5430B10480D1442750D752902B888040854002943C029084E8A08
                                          Function 00000259C2AF2090 Relevance: .0, Instructions: 2COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f01a4154ba30de378ee8f3a0bf3b2dfb59d47392f9fc814d815bb3a6ccc76d7c
                                          • Instruction ID: 141a9e7d1a93080848667bb95270544006d0d24074dfe6e6c9ed73c2720241a9
                                          • Opcode Fuzzy Hash: f01a4154ba30de378ee8f3a0bf3b2dfb59d47392f9fc814d815bb3a6ccc76d7c
                                          • Instruction Fuzzy Hash:
                                          Function 00000259C2A8ED30 Relevance: 28.7, APIs: 19, Instructions: 177processCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CloseHandle$Process32Token$InformationNextOpenProcess$ConvertCreateErrorFirstLastSnapshotStringToolhelp32
                                          • String ID:
                                          • API String ID: 3925315391-0
                                          • Opcode ID: 9cfa9a338c49679a1929b549c81fccef5f16dbb46e3a6c3e399b60bd0c466e0c
                                          • Instruction ID: c3e344b3ee0d0b037e06b0b326c87f0019f307a57c1b9cfaaed5a200e30008a0
                                          • Opcode Fuzzy Hash: 9cfa9a338c49679a1929b549c81fccef5f16dbb46e3a6c3e399b60bd0c466e0c
                                          • Instruction Fuzzy Hash: D4812A32215F80C2EB508B25ED4875AA3A5F78DF96F404126EE8957BD8DF78C985C708
                                          Function 00000259C2AB81FC Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Value$ErrorLast$Heap$AllocFree
                                          • String ID:
                                          • API String ID: 570795689-0
                                          • Opcode ID: 36390ee60d7853b2b61aae55913fe849076646fcf7fe757753152af4f23a704c
                                          • Instruction ID: a61afbe489381439235555b0103ad0d230926628b5a8d7125cfb9078ae070cac
                                          • Opcode Fuzzy Hash: 36390ee60d7853b2b61aae55913fe849076646fcf7fe757753152af4f23a704c
                                          • Instruction Fuzzy Hash: 6241BE30604E01C9FD6CA33A6D5D72952829B4DFB3F084B2799F6067C6EE39D8C1C218
                                          Function 00000259C2AAFDCC Relevance: 16.2, APIs: 6, Strings: 3, Instructions: 407COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: _invalid_parameter_noinfo
                                          • String ID: 0$0$0
                                          • API String ID: 3215553584-3137946472
                                          • Opcode ID: c13ea352d321776aceeea9581779599aef3778c14aa0c6b54d648fb53a65a266
                                          • Instruction ID: b00b15f3b624a76a27f359c3424597b3fca07095a53d97f71d627ac67a2ec9d0
                                          • Opcode Fuzzy Hash: c13ea352d321776aceeea9581779599aef3778c14aa0c6b54d648fb53a65a266
                                          • Instruction Fuzzy Hash: 98E1CF32505E85C9FF648F2998983AD6BA5A71AF87F548013C7C4873D6CA3AC9D9C70C
                                          Function 00000259C2A94C60 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 159COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                          • String ID: bad locale name$false$true
                                          • API String ID: 164343898-1062449267
                                          • Opcode ID: 6d80fb12eb3313207d0587c3af823ac137beb0f19c49a4efd21ce154c7ae78c0
                                          • Instruction ID: 614817007dddc332d582ff4b968dba3f379886426cfb7127d170be90faad7af6
                                          • Opcode Fuzzy Hash: 6d80fb12eb3313207d0587c3af823ac137beb0f19c49a4efd21ce154c7ae78c0
                                          • Instruction Fuzzy Hash: EF714932705F40CAFF15DFA5D8583AC37BAEB88B0AF1441269A8867BD9DB34C591D348
                                          Function 00000259C2ABBCE4 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AddressFreeLibraryProc
                                          • String ID: api-ms-$ext-ms-
                                          • API String ID: 3013587201-537541572
                                          • Opcode ID: c6120ce6c378417c8061f2daa80316ce8b84504fe2d3d9dfde353b277e126bba
                                          • Instruction ID: f56a62d2e7f11ac08027d10c839cbf9ce8ea8397e7be3c5bab8b563c900f02af
                                          • Opcode Fuzzy Hash: c6120ce6c378417c8061f2daa80316ce8b84504fe2d3d9dfde353b277e126bba
                                          • Instruction Fuzzy Hash: BA41CF35311E00C6EE16CB16AC48B566395BB4DFA3F494A279E8A477D4EF3CC485C708
                                          Function 00000259C2A95090 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 81networkfileCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Internet$CloseFileHandleOpenRead
                                          • String ID: File Downloader
                                          • API String ID: 4038090926-3631955488
                                          • Opcode ID: d760029ad861ea7f7ea2ffc299629ee0db5f3c755485599aed123bc73a668a15
                                          • Instruction ID: 51b3d3ec955acb1787d7f4073aa26003e78b4f5e2fe1ace9e1edb9d1902f7921
                                          • Opcode Fuzzy Hash: d760029ad861ea7f7ea2ffc299629ee0db5f3c755485599aed123bc73a668a15
                                          • Instruction Fuzzy Hash: 6E314C32218F80C6EF109F56A85979AB364F789FC6F544016EE8943B98DF7CC5858B04
                                          Function 00000259C2AB32AC Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: _invalid_parameter_noinfo
                                          • String ID: f$p$p
                                          • API String ID: 3215553584-1995029353
                                          • Opcode ID: da133f4d1d1d50a9f8077a7ed93c78c5851a9c9ee1111e96f3e2a2a160aeb47c
                                          • Instruction ID: 7dab58c2f4b098a86f7cae256a69aa09e4d6156aedc456b393419bb9a971dad5
                                          • Opcode Fuzzy Hash: da133f4d1d1d50a9f8077a7ed93c78c5851a9c9ee1111e96f3e2a2a160aeb47c
                                          • Instruction Fuzzy Hash: 8712D172604A41C6FF209B59E86C7AA76A1F388F57F94411BEAC247BC4D778C9C0CB18
                                          Function 00000259C2ACABDC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                          • String ID: CONOUT$
                                          • API String ID: 3230265001-3130406586
                                          • Opcode ID: 97ef1f90b5d1e549fd4d93c948d975b58c02b300c1de8e440893a5efab19f807
                                          • Instruction ID: c91f94c1f7a67bafa0e8bacad866e01b7191bbb73fd0ee014053732173682df9
                                          • Opcode Fuzzy Hash: 97ef1f90b5d1e549fd4d93c948d975b58c02b300c1de8e440893a5efab19f807
                                          • Instruction Fuzzy Hash: 99115B31314E80C6EB508B56EC5832977A4F78DFE7F044226EA9987BE4CB7CC8958748
                                          Function 00000259C2ADB73C Relevance: 9.2, APIs: 6, Instructions: 239COMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ByteCharMultiWide$CompareInfoString
                                          • String ID:
                                          • API String ID: 2984826149-0
                                          • Opcode ID: ab7e75f2883cad40e90fab743296f144bd79ee85a7c99ab5de0f741cdd8f7a66
                                          • Instruction ID: 4accb23b5ba7314d0a72478a5e9aa5af3486195c9cb731a4ab2f3d7b23f0dfd1
                                          • Opcode Fuzzy Hash: ab7e75f2883cad40e90fab743296f144bd79ee85a7c99ab5de0f741cdd8f7a66
                                          • Instruction Fuzzy Hash: FFA19072600F80CAFF218B2598583AD6691F748FABF444A23DA994BBD5DB38C585C348
                                          Function 00000259C2ADB3DC Relevance: 9.2, APIs: 6, Instructions: 206COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ByteCharMultiStringWide
                                          • String ID:
                                          • API String ID: 2829165498-0
                                          • Opcode ID: a17d41df7d4fcd83c170866fb1b58b26a6ae7521d63a390143938d7d4d5e554f
                                          • Instruction ID: e53ceedab05f5c0b131f6dfc13c86705510b7ab3f81f322187ffc1bdfcb9b013
                                          • Opcode Fuzzy Hash: a17d41df7d4fcd83c170866fb1b58b26a6ae7521d63a390143938d7d4d5e554f
                                          • Instruction Fuzzy Hash: 2D816372200B40C6FF248F25D84875977A5FB58FEBF544A26EA9947BD8DB38C485C708
                                          Function 00000259C2AB03B8 Relevance: 9.2, APIs: 6, Instructions: 157COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: _invalid_parameter_noinfo
                                          • String ID:
                                          • API String ID: 3215553584-0
                                          • Opcode ID: ca3f80eaf004f362beb8f5b3b26ae04cc2cf7c865ac26bc256f85fe2d54e20e3
                                          • Instruction ID: 81b475a7ba861d926be4633dd26ec22eca95c8f5cbfbc55ef218b13de5ab1b40
                                          • Opcode Fuzzy Hash: ca3f80eaf004f362beb8f5b3b26ae04cc2cf7c865ac26bc256f85fe2d54e20e3
                                          • Instruction Fuzzy Hash: 54514E76109E84C9EB629F26D8683AD3BA5A749F47F448043C7C8477C6DE39C885C71E
                                          Function 00000259C2AB8374 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          • GetLastError.KERNEL32 ref: 00000259C2AB8383
                                          • FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,00000259C2AB40D5,?,?,?,?,00000259C2ABB584), ref: 00000259C2AB83B9
                                          • FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,00000259C2AB40D5,?,?,?,?,00000259C2ABB584), ref: 00000259C2AB83E6
                                          • FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,00000259C2AB40D5,?,?,?,?,00000259C2ABB584), ref: 00000259C2AB83F7
                                          • FlsSetValue.KERNEL32(?,?,-2891666E48DAA7FF,00000259C2AB40D5,?,?,?,?,00000259C2ABB584), ref: 00000259C2AB8408
                                          • SetLastError.KERNEL32 ref: 00000259C2AB8423
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Value$ErrorLast
                                          • String ID:
                                          • API String ID: 2506987500-0
                                          • Opcode ID: afe38cc287240995e2e9d2378547507dd5cbbb9e4fb21f15aad5b3e1c77e3c65
                                          • Instruction ID: c2711bbe0bdc0056ea71c5ac500c8714bee5a9a49b753007510978dc1773eb4b
                                          • Opcode Fuzzy Hash: afe38cc287240995e2e9d2378547507dd5cbbb9e4fb21f15aad5b3e1c77e3c65
                                          • Instruction Fuzzy Hash: BE119A30304E41CAFE58A7296E9D72D62529B4DFB3F044726ADF646BD6DE39D4C1C208
                                          Function 00000259C2A4DB90 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 281COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: __std_exception_destroy$ApisFile__std_fs_code_page
                                          • String ID: ", "$: "
                                          • API String ID: 741338541-747220369
                                          • Opcode ID: 70c3df3b0665392bb10dec36982789de03aed693fc70c4f23570ae3ae5983821
                                          • Instruction ID: 0384a59728cc99b6112202f31798408a5a2424db5ea8b83345268b997df63783
                                          • Opcode Fuzzy Hash: 70c3df3b0665392bb10dec36982789de03aed693fc70c4f23570ae3ae5983821
                                          • Instruction Fuzzy Hash: 0CB1AA72701F40D5EF00DF65E8483AC2366E749F8AF109522EA9907BDADF39C591C388
                                          Function 00000259C2ABF4D8 Relevance: 7.7, APIs: 5, Instructions: 196COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: _set_statfp
                                          • String ID:
                                          • API String ID: 1156100317-0
                                          • Opcode ID: 5459f65f4676636fdc901623b58b7eba5cdeda63d87ce883b5aed9902fe8fe9f
                                          • Instruction ID: 0d8716585592fd62086e3b308d422fd7950c729f137fc56db2dbd8c701f7ddc4
                                          • Opcode Fuzzy Hash: 5459f65f4676636fdc901623b58b7eba5cdeda63d87ce883b5aed9902fe8fe9f
                                          • Instruction Fuzzy Hash: F781E532500E84C5FA728F35AC5836A66A1AB5DF97F1C4303BED9A6BE5D738C5C1C608
                                          Function 00000259C2AB843C Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          • FlsGetValue.KERNEL32(?,?,?,00000259C2AAF8AF,?,?,00000000,00000259C2AAFB4A,?,?,?,?,-2891666E48DAA7FF,00000259C2AAFAD6), ref: 00000259C2AB845B
                                          • FlsSetValue.KERNEL32(?,?,?,00000259C2AAF8AF,?,?,00000000,00000259C2AAFB4A,?,?,?,?,-2891666E48DAA7FF,00000259C2AAFAD6), ref: 00000259C2AB847A
                                          • FlsSetValue.KERNEL32(?,?,?,00000259C2AAF8AF,?,?,00000000,00000259C2AAFB4A,?,?,?,?,-2891666E48DAA7FF,00000259C2AAFAD6), ref: 00000259C2AB84A2
                                          • FlsSetValue.KERNEL32(?,?,?,00000259C2AAF8AF,?,?,00000000,00000259C2AAFB4A,?,?,?,?,-2891666E48DAA7FF,00000259C2AAFAD6), ref: 00000259C2AB84B3
                                          • FlsSetValue.KERNEL32(?,?,?,00000259C2AAF8AF,?,?,00000000,00000259C2AAFB4A,?,?,?,?,-2891666E48DAA7FF,00000259C2AAFAD6), ref: 00000259C2AB84C4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Value
                                          • String ID:
                                          • API String ID: 3702945584-0
                                          • Opcode ID: 4ce4a5051ebace67528a179680f56dd4679384bab99bc7618957d122f6916756
                                          • Instruction ID: 2c226a56236984756c264da2ec2cd13c3a6b9c56477ac384b0d710e0902a571c
                                          • Opcode Fuzzy Hash: 4ce4a5051ebace67528a179680f56dd4679384bab99bc7618957d122f6916756
                                          • Instruction Fuzzy Hash: E4119030705E41C9FE6C932AAE5972921469B4CFF3F484727A9FA467DADE38D4C1C208
                                          Function 00000259C2A66510 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 237COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: std::_$GetcollLocinfo::_Locinfo_ctorLockitLockit::_
                                          • String ID: bad locale name
                                          • API String ID: 1287851536-1405518554
                                          • Opcode ID: fbfbbd7b2027d036e315073af143bae7ec25fc3c62d82c00348e94651dbbdfc6
                                          • Instruction ID: b1da6d41b97dd165ffc20757a8efaa959fcbe1cbd70016c9db5f3aea150cfd78
                                          • Opcode Fuzzy Hash: fbfbbd7b2027d036e315073af143bae7ec25fc3c62d82c00348e94651dbbdfc6
                                          • Instruction Fuzzy Hash: AA915B62701F80CAEF149FB5E85439C7366EB48F8AF0445269A9967BDADF38C4918348
                                          Function 00000259C2ADD3EC Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: _invalid_parameter_noinfo
                                          • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                          • API String ID: 3215553584-1196891531
                                          • Opcode ID: c93d0c80d14289c47e4e012ab7823fd63e1d2ef69c6c82be7162492af36b69b4
                                          • Instruction ID: d50fa8102020a80a42dff89f6d9735288cf68b36f810d01ffb957c8d0ac7ec2a
                                          • Opcode Fuzzy Hash: c93d0c80d14289c47e4e012ab7823fd63e1d2ef69c6c82be7162492af36b69b4
                                          • Instruction Fuzzy Hash: 688188BF604F00C5FF658F29895C3682AA0A31AF8FF568007DA86973D5D339D9819649
                                          Function 00000259C2A79E10 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 140COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: __std_exception_destroy
                                          • String ID: at line $, column
                                          • API String ID: 2453523683-191570568
                                          • Opcode ID: 8e1d1b64992ebb00d4d77e0a1fed3680f94c34247a39cf19bc8266c22a1fe26b
                                          • Instruction ID: 5d8036cc46c29f28428e8cdacb7464bb3bfcda2b4fcbd487672b963746f2e242
                                          • Opcode Fuzzy Hash: 8e1d1b64992ebb00d4d77e0a1fed3680f94c34247a39cf19bc8266c22a1fe26b
                                          • Instruction Fuzzy Hash: 78516C62604B80C1EA10DB2AE99835E6765F78DFD2F104613EBE807BDADF39C5D18748
                                          Function 00000259C2A4C910 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 126COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: std::_$GetctypeLocinfo::_Locinfo_ctorLockitLockit::_
                                          • String ID: bad locale name
                                          • API String ID: 1612978173-1405518554
                                          • Opcode ID: 85691f01e980f503a8a5ffab79cefbcc4565558e69c5e965dadd8410ba14cca9
                                          • Instruction ID: 3af45647e08d42c857c1a846238c0f942907eb35a60dcba1a3fa49b0000398be
                                          • Opcode Fuzzy Hash: 85691f01e980f503a8a5ffab79cefbcc4565558e69c5e965dadd8410ba14cca9
                                          • Instruction Fuzzy Hash: 98512832702F40DAFF10DFA0E8943AC3376EB49B4AF4445279A8926B9ADB34C595D358
                                          Function 00000259C2AA0F00 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101registryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Open
                                          • String ID: ?
                                          • API String ID: 71445658-1684325040
                                          • Opcode ID: e858e0353f0b0f51294932793ef27480847be266b4f1ddbad7c6a163f917eadb
                                          • Instruction ID: 894ef458a51a0e918925ae2a1b273f7b1436e31dcaeea01a622a682ca095c630
                                          • Opcode Fuzzy Hash: e858e0353f0b0f51294932793ef27480847be266b4f1ddbad7c6a163f917eadb
                                          • Instruction Fuzzy Hash: 2A418072618B80C1EF508B25F88936AB361FB8DB96F105216FAD942B99DF7CC1D4CB44
                                          Function 00000259C2AD9520 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AddressHandleModuleProc
                                          • String ID: GetTempPath2W$kernel32.dll
                                          • API String ID: 1646373207-1846531799
                                          • Opcode ID: 54cfff917e61736e637f3daaf4ede8ca0052c6a8694a4254edfc7bf5cdf1c370
                                          • Instruction ID: ffb2302e17927f945baf3f847e676adc301865990dc4fa7193196b311bcd9416
                                          • Opcode Fuzzy Hash: 54cfff917e61736e637f3daaf4ede8ca0052c6a8694a4254edfc7bf5cdf1c370
                                          • Instruction Fuzzy Hash: D8E0E561300E44C2EE189B11FD882696361FB8DF87F58502ADA8E07BB4DE3CC4CA8308
                                          Function 00000259C2A8F480 Relevance: 6.5, APIs: 4, Instructions: 478COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Process32$CloseHandleImpersonateLoggedNextOpenProcessUser$CreateFirstRevertSelfSnapshotTokenToolhelp32
                                          • String ID:
                                          • API String ID: 1562318730-0
                                          • Opcode ID: 316c2e6fdf35f67638a24c1b45d4b3dc2851aea21892dc61ca1780e4b7a94a99
                                          • Instruction ID: 5ce2b33fab4063cd674afde4aa4e993e1fd98ed1d9c80b0a31c340125a20c4dd
                                          • Opcode Fuzzy Hash: 316c2e6fdf35f67638a24c1b45d4b3dc2851aea21892dc61ca1780e4b7a94a99
                                          • Instruction Fuzzy Hash: 6022C062614F81C6FF009B78D85839D2761E78DBA6F905212EAED46BEADF78C4C1C704
                                          Function 00000259C2ABA888 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FileWrite$ConsoleErrorLastOutput
                                          • String ID:
                                          • API String ID: 2718003287-0
                                          • Opcode ID: 523722e26ffa46449d979bd975143a43a29be3ae997596a7a20ff96f8c1017ee
                                          • Instruction ID: 20204d0daca17afae9cedf971bf4965eb4f6fb871ec43b4a3842dbd8bd35e9d4
                                          • Opcode Fuzzy Hash: 523722e26ffa46449d979bd975143a43a29be3ae997596a7a20ff96f8c1017ee
                                          • Instruction Fuzzy Hash: D5D1CF32B14E80CAEB11CFA9D84439C37B1F759B9AF044216DE9E97BDADA34C496C344
                                          Function 00000259C2ABB248 Relevance: 6.2, APIs: 4, Instructions: 218COMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ConsoleErrorLastMode
                                          • String ID:
                                          • API String ID: 953036326-0
                                          • Opcode ID: 051a95757f3cd31bcbf302130b81a7499006cb3b8c40f8426fd2f443c90a72fc
                                          • Instruction ID: 70edc396ced51a4d4fd3c304d3c04329b6ecaf3a37f8f4e346be35c614343d6a
                                          • Opcode Fuzzy Hash: 051a95757f3cd31bcbf302130b81a7499006cb3b8c40f8426fd2f443c90a72fc
                                          • Instruction Fuzzy Hash: 1291BF72610E50C5FF608F659C88BAD2BA4B359F8BF54451ADE8A67BD5CA34C8C2C708
                                          Function 00000259C2AA4220 Relevance: 6.1, APIs: 4, Instructions: 123COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: EnvironmentInitStringStringsUnicode$Free
                                          • String ID:
                                          • API String ID: 2488768755-0
                                          • Opcode ID: 2b2f1f90d0b32243a53be456331d7bdf6004e7484ecf8859458b1b26bd362795
                                          • Instruction ID: 9cc32f5cb6bae774c454d1549b744ad0ba7a60d4a174ba6d708f5f3e9766f551
                                          • Opcode Fuzzy Hash: 2b2f1f90d0b32243a53be456331d7bdf6004e7484ecf8859458b1b26bd362795
                                          • Instruction Fuzzy Hash: 8D519D32A04B80C6EB108F15F84435DB360FB98F96F589216EB9903B95DFB8D6E1C708
                                          Function 00000259C2A60120 Relevance: 6.1, APIs: 4, Instructions: 115COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocalestd::locale::_
                                          • String ID:
                                          • API String ID: 3698853521-0
                                          • Opcode ID: 7fc3597cd9704a6304594a27bb2dfeeca3e59ce2e728f14c12add50f8541c22a
                                          • Instruction ID: 3896e3bdfd8c8c20a55c3f60155a93c66d3a2a443358b3b8c7bb55f835e5b711
                                          • Opcode Fuzzy Hash: 7fc3597cd9704a6304594a27bb2dfeeca3e59ce2e728f14c12add50f8541c22a
                                          • Instruction Fuzzy Hash: B3412562210F40C2EE11DB26EC48359B3A4F78DF96F580627AAD9477A6DF78C4C6C718
                                          Function 00000259C2AB0274 Relevance: 6.1, APIs: 4, Instructions: 95COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: _invalid_parameter_noinfo
                                          • String ID:
                                          • API String ID: 3215553584-0
                                          • Opcode ID: f47f5365830de18e31c9f66efcfcebced3ed900e80df05c2fe820f8996efde49
                                          • Instruction ID: 40535937b41ed38a047476a945e2d2e5c758a11706274bd2d6a6a37cab9bd975
                                          • Opcode Fuzzy Hash: f47f5365830de18e31c9f66efcfcebced3ed900e80df05c2fe820f8996efde49
                                          • Instruction Fuzzy Hash: 13411C72509E84CAEB529F26C82836D7BA4E749F46F498042CBC9473CADE39C585C71E
                                          Function 00000259C2A739F0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                          • String ID:
                                          • API String ID: 1168246061-0
                                          • Opcode ID: 268a738e79390acd07def2dc4d1be91678e0d7bbd421806bae9408622498fc9b
                                          • Instruction ID: 3bb8ab77015b68716a791acf9489d4b8a353707887ba285d90c1c4f76bbd6778
                                          • Opcode Fuzzy Hash: 268a738e79390acd07def2dc4d1be91678e0d7bbd421806bae9408622498fc9b
                                          • Instruction Fuzzy Hash: FF415626204F40C1EE119B16EC58369B764F78DF97F590623EAC90B7E6DE38C4C28708
                                          Function 00000259C2A94940 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                          • String ID:
                                          • API String ID: 1168246061-0
                                          • Opcode ID: 225fe1b72370eebaf99dac6ca4c61f0c7a8ae1283e1f422937767657019483ac
                                          • Instruction ID: ce165322f3143136a6844925b427c7ef84cd6f6d04f89945c20353a8fa53b5b4
                                          • Opcode Fuzzy Hash: 225fe1b72370eebaf99dac6ca4c61f0c7a8ae1283e1f422937767657019483ac
                                          • Instruction Fuzzy Hash: CF416A26214F40C9FE11EB16E8483597764F38DFA6F180227AADD0B7E9DE78C4818318
                                          Function 00000259C2A61DD0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                          • String ID:
                                          • API String ID: 1168246061-0
                                          • Opcode ID: deae80201b058b93dee9511eb23f4883bce05ec3d16f28b31309998fe1f492bf
                                          • Instruction ID: 7c78b5f35e4d298c49f2c5872dcb8cdadce8f67e4791f7c4ac1db11ed0716152
                                          • Opcode Fuzzy Hash: deae80201b058b93dee9511eb23f4883bce05ec3d16f28b31309998fe1f492bf
                                          • Instruction Fuzzy Hash: DB414926214F40C1FE15DB59EC4836967A4F78DFA6F580623AACD4B7E6DB78C4828708
                                          Function 00000259C2A940C0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
                                          • String ID:
                                          • API String ID: 1168246061-0
                                          • Opcode ID: f751cf97cbdb91efc437d10692cdb5900781dee89e6afe037389110580d2090b
                                          • Instruction ID: 36a1c4a19a61f02f76668af1fa93e28bb4362e2ecf0e5524c39c7916e150bac7
                                          • Opcode Fuzzy Hash: f751cf97cbdb91efc437d10692cdb5900781dee89e6afe037389110580d2090b
                                          • Instruction Fuzzy Hash: 8C416822204F40C5FE15EB16EC48359B764F39DF96F680623AAC90B7E6DE78C4868718
                                          Function 00000259C2AD9704 Relevance: 6.1, APIs: 4, Instructions: 53COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ByteCharErrorLastMultiWide
                                          • String ID:
                                          • API String ID: 203985260-0
                                          • Opcode ID: 885017ec562e008ced87b7a088d7b161d23e12804f5abb955417809e776ebcf4
                                          • Instruction ID: 150843fef078684ae86d6d7d7b2248c0c16741380fa83ad0bb222bc4d64e1ab3
                                          • Opcode Fuzzy Hash: 885017ec562e008ced87b7a088d7b161d23e12804f5abb955417809e776ebcf4
                                          • Instruction Fuzzy Hash: 53215E72614B85C7F750CF21E84831EBAB4F38DF96F240129DB8957B94DB39C4458B08
                                          Function 00000259C2AD9BF0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Handle$AddressAttributesCloseErrorFeatureFileLastModulePresentProcProcessor__std_fs_open_handle
                                          • String ID:
                                          • API String ID: 156590933-0
                                          • Opcode ID: ab22cb6cb8c17ed70bd3674071cc7aa31663a6931c8f4e60418ec3b925b4023f
                                          • Instruction ID: 0da0a259e1541c058de4ee80c96030eb1db2257e4d3b147985dd1f6c76c20075
                                          • Opcode Fuzzy Hash: ab22cb6cb8c17ed70bd3674071cc7aa31663a6931c8f4e60418ec3b925b4023f
                                          • Instruction Fuzzy Hash: 6B114621214F41C9FE649725A88C32A66A1E74CFF3F141A16AAF746BE5DA38C4C58B0C
                                          Function 00000259C2A4EAA0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 207COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID: [json.exception.
                                          • API String ID: 0-791563284
                                          • Opcode ID: 9312c027d5fae459814da3f46332f521891fa988a0930d2691346a9914b04737
                                          • Instruction ID: 4e36a0510a4d49476e24b5e0afb0de05c47ae005162e4225b7e63a0c0f1b0b09
                                          • Opcode Fuzzy Hash: 9312c027d5fae459814da3f46332f521891fa988a0930d2691346a9914b04737
                                          • Instruction Fuzzy Hash: C171F262B10F90C5FB00CB7AE84439D27A5E799B96F549217DE9917BCACB78C1C2C344
                                          Function 00000259C2A94EC0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                          • String ID: bad locale name
                                          • API String ID: 3988782225-1405518554
                                          • Opcode ID: 33544a4b61bf84f9eb955a3149670865a90af30da0d0207d443c82dd33414cde
                                          • Instruction ID: a9a52232f8957e4dd84956feaebdc414fd2dd584fbeced52038e709f65ed0c63
                                          • Opcode Fuzzy Hash: 33544a4b61bf84f9eb955a3149670865a90af30da0d0207d443c82dd33414cde
                                          • Instruction Fuzzy Hash: 1F51F632705A40CAFF14EF71D8953AC33A4EB58F4AF484037AA8966B96DE34C5A5C348
                                          Function 00000259C2A74780 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 124COMMON
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                          • String ID: bad locale name
                                          • API String ID: 3988782225-1405518554
                                          • Opcode ID: c058fda049dbde4ffcd4c62f786bcc4b07de1651a8a61ea2a3f562e1823d8c15
                                          • Instruction ID: a1cb737e34b747bd707b77b8d9014fbd9918e784def09cf297474cb70ae54226
                                          • Opcode Fuzzy Hash: c058fda049dbde4ffcd4c62f786bcc4b07de1651a8a61ea2a3f562e1823d8c15
                                          • Instruction Fuzzy Hash: 9F512932302F80C9FF10DFA0D8943AC33B4EB59F4AF444526EA8966B95DA34C5A5D308
                                          Function 00000259C2AC1068 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 122COMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: _get_daylight$_invalid_parameter_noinfo
                                          • String ID: ?
                                          • API String ID: 1286766494-1684325040
                                          • Opcode ID: ee72351df311ff027eaf8af198dd50b8868fef75caf7a1d708de55c1de70a8ab
                                          • Instruction ID: 01a579a1ca61c54653698e452d99543810ad24a8e9eead8d68c2d7cc99719bd5
                                          • Opcode Fuzzy Hash: ee72351df311ff027eaf8af198dd50b8868fef75caf7a1d708de55c1de70a8ab
                                          • Instruction Fuzzy Hash: F741FB32304F80C5FF649B2AEC197696798E789FA7F144226EED406BD5DA3AC4C1C704
                                          Function 00000259C2ABAF20 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ErrorFileLastWrite
                                          • String ID: U
                                          • API String ID: 442123175-4171548499
                                          • Opcode ID: 95c1b5a9b453dd21b53d1d3abd175e481a437f6821d85bbfa209bab1ceee3d57
                                          • Instruction ID: 19ba72ce1fda7fa360cab592b87b2d401f2ca5b5e6817977bfc5410d0c762b44
                                          • Opcode Fuzzy Hash: 95c1b5a9b453dd21b53d1d3abd175e481a437f6821d85bbfa209bab1ceee3d57
                                          • Instruction Fuzzy Hash: 7E418E72214A40C6DB208F65E8487AA77A5F798B86F404022EE8E87BD4EB3CC481C754
                                          Function 00000259C2ACF198 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1959532154.00000259C2A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000259C2A20000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_259c2a20000_ruppert.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ExceptionFileHeaderRaise
                                          • String ID: csm
                                          • API String ID: 2573137834-1018135373
                                          • Opcode ID: 4d2c4101b9d2858735cfea5a09a2e9289d44dfdbc7b24173af3d04f9105eea82
                                          • Instruction ID: 652fc284ae20d9541ac7b3a76c426ddec41b71660f61ea9fa30f7ce503bb6dee
                                          • Opcode Fuzzy Hash: 4d2c4101b9d2858735cfea5a09a2e9289d44dfdbc7b24173af3d04f9105eea82
                                          • Instruction Fuzzy Hash: 1A110732215B8482EB218F15E844259B7E4F78CB96F584222DECD47BA8EF3DC5958B04