Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
isWLAjve0K.exe

Overview

General Information

Sample name:isWLAjve0K.exe
renamed because original name is a hash value
Original sample name:0160029c14caf2b358598e8824e5cee0.exe
Analysis ID:1578896
MD5:0160029c14caf2b358598e8824e5cee0
SHA1:c39d64553862d7f0d7fc79e8b940e4391c6e2985
SHA256:8c9769d73bf34e223790cdba5adf9411382a847d2a02cd914d4d29b4179c84ac
Tags:exeuser-abuse_ch
Infos:

Detection

RHADAMANTHYS
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected RHADAMANTHYS Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Drops PE files to the document folder of the user
Drops large PE files
Injects a PE file into a foreign processes
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
One or more processes crash
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic

Classification

Process Tree

  • System is w10x64
  • isWLAjve0K.exe (PID: 2380 cmdline: "C:\Users\user\Desktop\isWLAjve0K.exe" MD5: 0160029C14CAF2B358598E8824E5CEE0)
    • isWLAjve0K.exe (PID: 1476 cmdline: "C:\Users\user\Desktop\isWLAjve0K.exe" MD5: 0160029C14CAF2B358598E8824E5CEE0)
      • svchost.exe (PID: 3228 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
        • fontdrvhost.exe (PID: 6120 cmdline: "C:\Windows\System32\fontdrvhost.exe" MD5: BBCB897697B3442657C7D6E3EDDBD25F)
          • WerFault.exe (PID: 4160 cmdline: C:\Windows\system32\WerFault.exe -u -p 6120 -s 140 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
      • WerFault.exe (PID: 5284 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 460 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RhadamanthysAccording to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
  • Sandworm
https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

Malware Configuration

Threatname: Rhadamanthys

{"C2 url": "https://104.161.43.18:2845/7e56fc199c7194d0/g5rgxmg9.bkfop"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000003.2476450281.0000000002AB0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
    00000005.00000003.2485848152.0000000000860000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
      00000005.00000003.2488509979.0000000004CE0000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
        00000003.00000003.2484879040.00000000050E0000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
          00000005.00000003.2488716555.0000000004F00000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
            Click to see the 5 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            5.3.svchost.exe.4f00000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
              3.3.isWLAjve0K.exe.4ec0000.6.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                5.3.svchost.exe.4ce0000.6.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                  3.3.isWLAjve0K.exe.50e0000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: CurrentVersion Autorun Keys Modification
                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Documents\ThaiPerfecto\sdk\PerfectoUna.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\isWLAjve0K.exe, ProcessId: 2380, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Nuinsa
                    Sigma detected: Uncommon Svchost Parent Process
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\isWLAjve0K.exe", ParentImage: C:\Users\user\Desktop\isWLAjve0K.exe, ParentProcessId: 1476, ParentProcessName: isWLAjve0K.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 3228, ProcessName: svchost.exe
                    Sigma detected: Windows Processes Suspicious Parent Directory
                    Source: Process startedAuthor: vburov: Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\isWLAjve0K.exe", ParentImage: C:\Users\user\Desktop\isWLAjve0K.exe, ParentProcessId: 1476, ParentProcessName: isWLAjve0K.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 3228, ProcessName: svchost.exe

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-20T16:22:36.528593+010028548021Domain Observed Used for C2 Detected104.161.43.182845192.168.2.549727TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Found malware configuration
                    Source: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpMalware Configuration Extractor: Rhadamanthys {"C2 url": "https://104.161.43.18:2845/7e56fc199c7194d0/g5rgxmg9.bkfop"}
                    Multi AV Scanner detection for submitted file
                    Source: isWLAjve0K.exeReversingLabs: Detection: 26%
                    Source: isWLAjve0K.exeVirustotal: Detection: 32%Perma Link
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Source: isWLAjve0K.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: isWLAjve0K.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                    Source: Binary string: D:\Jenkins\workspace\ccd-app\main\native\win32\build\msvs_win32_x86\Release\x86\sym\AdobeUpdateService\AdobeUpdateService\AdobeUpdateService.pdb source: isWLAjve0K.exe, PerfectoUna.exe.0.dr
                    Source: Binary string: wkernel32.pdb source: isWLAjve0K.exe, 00000003.00000003.2484251336.0000000004EC0000.00000004.00000001.00020000.00000000.sdmp, isWLAjve0K.exe, 00000003.00000003.2484378832.0000000004FE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2487988119.0000000002900000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2488096735.0000000004D60000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernelbase.pdb source: isWLAjve0K.exe, 00000003.00000003.2484879040.00000000050E0000.00000004.00000001.00020000.00000000.sdmp, isWLAjve0K.exe, 00000003.00000003.2484638088.0000000004EC0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2488509979.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2488716555.0000000004F00000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: ntdll.pdb source: isWLAjve0K.exe, 00000003.00000003.2483115437.0000000004EC0000.00000004.00000001.00020000.00000000.sdmp, isWLAjve0K.exe, 00000003.00000003.2483428390.00000000050B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2487258614.0000000004ED0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2486988671.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdbUGP source: isWLAjve0K.exe, 00000003.00000003.2483980070.0000000005060000.00000004.00000001.00020000.00000000.sdmp, isWLAjve0K.exe, 00000003.00000003.2483767058.0000000004EC0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2487796585.0000000004E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2487593442.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: ntdll.pdbUGP source: isWLAjve0K.exe, 00000003.00000003.2483115437.0000000004EC0000.00000004.00000001.00020000.00000000.sdmp, isWLAjve0K.exe, 00000003.00000003.2483428390.00000000050B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2487258614.0000000004ED0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2486988671.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdb source: isWLAjve0K.exe, 00000003.00000003.2483980070.0000000005060000.00000004.00000001.00020000.00000000.sdmp, isWLAjve0K.exe, 00000003.00000003.2483767058.0000000004EC0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2487796585.0000000004E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2487593442.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernelbase.pdbUGP source: isWLAjve0K.exe, 00000003.00000003.2484879040.00000000050E0000.00000004.00000001.00020000.00000000.sdmp, isWLAjve0K.exe, 00000003.00000003.2484638088.0000000004EC0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2488509979.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2488716555.0000000004F00000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernel32.pdbUGP source: isWLAjve0K.exe, 00000003.00000003.2484251336.0000000004EC0000.00000004.00000001.00020000.00000000.sdmp, isWLAjve0K.exe, 00000003.00000003.2484378832.0000000004FE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2487988119.0000000002900000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2488096735.0000000004D60000.00000004.00000001.00020000.00000000.sdmp
                    Source: C:\Windows\System32\fontdrvhost.exeCode function: 4x nop then dec esp9_2_0000027FA5170511

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 104.161.43.18:2845 -> 192.168.2.5:49727
                    System process connects to network (likely due to code injection or exploit)
                    Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 104.161.43.18 2845Jump to behavior
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: https://104.161.43.18:2845/7e56fc199c7194d0/g5rgxmg9.bkfop
                    Source: global trafficTCP traffic: 192.168.2.5:49727 -> 104.161.43.18:2845
                    Source: Joe Sandbox ViewIP Address: 104.161.43.18 104.161.43.18
                    Source: Joe Sandbox ViewASN Name: IOFLOODUS IOFLOODUS
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: unknownTCP traffic detected without corresponding DNS query: 104.161.43.18
                    Source: isWLAjve0K.exe, PerfectoUna.exe.0.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                    Source: isWLAjve0K.exe, PerfectoUna.exe.0.drString found in binary or memory: http://ocsp.thawte.com0
                    Source: isWLAjve0K.exeString found in binary or memory: http://piriform.com/go/app_cc_license_agreement
                    Source: isWLAjve0K.exe, PerfectoUna.exe.0.drString found in binary or memory: http://piriform.com/go/app_cc_license_agreementPA
                    Source: isWLAjve0K.exe, PerfectoUna.exe.0.drString found in binary or memory: http://piriform.com/go/app_cc_privacy_policy
                    Source: isWLAjve0K.exe, PerfectoUna.exe.0.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
                    Source: isWLAjve0K.exe, PerfectoUna.exe.0.drString found in binary or memory: http://s2.symcb.com0
                    Source: isWLAjve0K.exe, PerfectoUna.exe.0.drString found in binary or memory: http://sv.symcb.com/sv.crl0f
                    Source: isWLAjve0K.exe, PerfectoUna.exe.0.drString found in binary or memory: http://sv.symcb.com/sv.crt0
                    Source: isWLAjve0K.exe, PerfectoUna.exe.0.drString found in binary or memory: http://sv.symcd.com0&
                    Source: PerfectoUna.exe.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                    Source: isWLAjve0K.exe, PerfectoUna.exe.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0
                    Source: isWLAjve0K.exe, PerfectoUna.exe.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                    Source: isWLAjve0K.exe, PerfectoUna.exe.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                    Source: isWLAjve0K.exe, PerfectoUna.exe.0.drString found in binary or memory: http://www.piriform.com/ccleaner
                    Source: isWLAjve0K.exe, PerfectoUna.exe.0.drString found in binary or memory: http://www.symauth.com/cps0(
                    Source: isWLAjve0K.exe, PerfectoUna.exe.0.drString found in binary or memory: http://www.symauth.com/rpa00
                    Source: svchost.exe, 00000005.00000002.2579846050.00000000003EC000.00000004.00000010.00020000.00000000.sdmp, svchost.exe, 00000005.00000002.2580532744.0000000002D0C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, fontdrvhost.exe, 00000009.00000002.2722478374.0000027FA5170000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://104.161.43.18:2845/7e56fc199c7194d0/g5rgxmg9.bkfop
                    Source: svchost.exe, 00000005.00000002.2580532744.0000000002D0C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000009.00000002.2722478374.0000027FA5170000.00000040.00000001.00020000.00000000.sdmpString found in binary or memory: https://104.161.43.18:2845/7e56fc199c7194d0/g5rgxmg9.bkfopkernelbasentdllkernel32GetProcessMitigatio
                    Source: svchost.exe, 00000005.00000002.2579846050.00000000003EC000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://104.161.43.18:2845/7e56fc199c7194d0/g5rgxmg9.bkfopx
                    Source: svchost.exe, 00000005.00000003.2508907790.0000000002D9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-query
                    Source: svchost.exe, 00000005.00000003.2508907790.0000000002D9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachi
                    Source: isWLAjve0K.exe, PerfectoUna.exe.0.drString found in binary or memory: https://d.symcb.com/cps0%
                    Source: isWLAjve0K.exe, PerfectoUna.exe.0.drString found in binary or memory: https://d.symcb.com/rpa0
                    Source: isWLAjve0K.exe, 00000003.00000003.2484879040.00000000050E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_fdce3db2-2
                    Source: isWLAjve0K.exe, 00000003.00000003.2484879040.00000000050E0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_5624150b-d
                    Source: Yara matchFile source: 5.3.svchost.exe.4f00000.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 3.3.isWLAjve0K.exe.4ec0000.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.3.svchost.exe.4ce0000.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 3.3.isWLAjve0K.exe.50e0000.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000005.00000003.2488509979.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000003.00000003.2484879040.00000000050E0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000003.2488716555.0000000004F00000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000003.00000003.2484638088.0000000004EC0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: isWLAjve0K.exe PID: 1476, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 3228, type: MEMORYSTR

                    System Summary

                    barindex
                    Drops large PE files
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeFile dump: PerfectoUna.exe.0.dr 979567147Jump to dropped file
                    Source: C:\Windows\System32\fontdrvhost.exeCode function: 9_2_0000027FA5171CF4 NtAcceptConnectPort,CloseHandle,9_2_0000027FA5171CF4
                    Source: C:\Windows\System32\fontdrvhost.exeCode function: 9_2_0000027FA5171AA4 NtAcceptConnectPort,NtAcceptConnectPort,9_2_0000027FA5171AA4
                    Source: C:\Windows\System32\fontdrvhost.exeCode function: 9_2_0000027FA51715C0 NtAcceptConnectPort,9_2_0000027FA51715C0
                    Source: C:\Windows\System32\fontdrvhost.exeCode function: 9_2_0000027FA5170AC8 NtAcceptConnectPort,NtAcceptConnectPort,9_2_0000027FA5170AC8
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 0_2_0042A0D30_2_0042A0D3
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 0_2_004781A90_2_004781A9
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 0_2_0042A37F0_2_0042A37F
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_3_0271C2313_3_0271C231
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_3_027281D23_3_027281D2
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_3_0271C4003_3_0271C400
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_2_0042A0D33_2_0042A0D3
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_2_004781A93_2_004781A9
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_2_0042A37F3_2_0042A37F
                    Source: C:\Windows\System32\fontdrvhost.exeCode function: 9_2_0000027FA5170C709_2_0000027FA5170C70
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: String function: 0271CD90 appears 33 times
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 460
                    Source: isWLAjve0K.exeStatic PE information: Resource name: BRANDING type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                    Source: PerfectoUna.exe.0.drStatic PE information: Resource name: BRANDING type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                    Source: isWLAjve0K.exeBinary or memory string: OriginalFilename vs isWLAjve0K.exe
                    Source: isWLAjve0K.exe, 00000000.00000000.2294502160.00000000005A5000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameAdobe Update Service.exeJ vs isWLAjve0K.exe
                    Source: isWLAjve0K.exe, 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamebranding.dll\ vs isWLAjve0K.exe
                    Source: isWLAjve0K.exe, 00000000.00000002.2526899461.0000000004429000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs isWLAjve0K.exe
                    Source: isWLAjve0K.exe, 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameAdobe Update Service.exeJ vs isWLAjve0K.exe
                    Source: isWLAjve0K.exe, 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs isWLAjve0K.exe
                    Source: isWLAjve0K.exe, 00000000.00000002.2527037776.0000000004611000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAdobe Update Service.exeJ vs isWLAjve0K.exe
                    Source: isWLAjve0K.exe, 00000000.00000002.2527037776.0000000004470000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamebranding.dll\ vs isWLAjve0K.exe
                    Source: isWLAjve0K.exe, 00000003.00000003.2483115437.0000000005038000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs isWLAjve0K.exe
                    Source: isWLAjve0K.exe, 00000003.00000003.2483980070.000000000518D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs isWLAjve0K.exe
                    Source: isWLAjve0K.exe, 00000003.00000003.2485745924.0000000002739000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs isWLAjve0K.exe
                    Source: isWLAjve0K.exe, 00000003.00000003.2484251336.0000000004F52000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs isWLAjve0K.exe
                    Source: isWLAjve0K.exe, 00000003.00000003.2484378832.0000000005030000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs isWLAjve0K.exe
                    Source: isWLAjve0K.exe, 00000003.00000000.2465167508.00000000005A5000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameAdobe Update Service.exeJ vs isWLAjve0K.exe
                    Source: isWLAjve0K.exe, 00000003.00000003.2477238263.0000000002739000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCFF Explorer.exe: vs isWLAjve0K.exe
                    Source: isWLAjve0K.exe, 00000003.00000000.2465167508.00000000004CA000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamebranding.dll\ vs isWLAjve0K.exe
                    Source: isWLAjve0K.exe, 00000003.00000003.2484251336.0000000004EC0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs isWLAjve0K.exe
                    Source: isWLAjve0K.exe, 00000003.00000003.2483767058.0000000004FE3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs isWLAjve0K.exe
                    Source: isWLAjve0K.exe, 00000003.00000003.2484378832.0000000004FE0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \[FileVersionProductVersionFileDescriptionCompanyNameProductNameOriginalFilenameInternalNameLegalCopyright vs isWLAjve0K.exe
                    Source: isWLAjve0K.exe, 00000003.00000003.2484638088.0000000004EC0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKernelbase.dllj% vs isWLAjve0K.exe
                    Source: isWLAjve0K.exe, 00000003.00000003.2484879040.00000000052C1000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenameKernelbase.dllj% vs isWLAjve0K.exe
                    Source: isWLAjve0K.exe, 00000003.00000003.2483428390.0000000005236000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs isWLAjve0K.exe
                    Source: isWLAjve0K.exeBinary or memory string: OriginalFilenamebranding.dll\ vs isWLAjve0K.exe
                    Source: isWLAjve0K.exeBinary or memory string: OriginalFilenameAdobe Update Service.exeJ vs isWLAjve0K.exe
                    Source: isWLAjve0K.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: isWLAjve0K.exe, 00000000.00000002.2526899461.0000000004429000.00000040.00001000.00020000.00000000.sdmp, isWLAjve0K.exe, 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmp, isWLAjve0K.exe, 00000003.00000003.2485745924.0000000002739000.00000040.00000400.00020000.00000000.sdmp, isWLAjve0K.exe, 00000003.00000003.2477238263.0000000002739000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: .a_po^ ojYd.o B U.R G v.Q_F& ZNH K.9.sV`OQ qOq_A( N5.j P.X z.k.Yf_HL.P.L`.C Ue_q_B_t.h{_yr\=A f.3_q_Fvb_H_bm W.UP#.by_iY.Yw I.Y_G p.3c g.Zy S v.U.N C_m Z_i.H_j B l_DH_Pd.iz_O.f~ U z_Mv_d7 T Mz.f.594/}_m kS.v.D u.rZu.S G.N_x.V J.Q.G FO^.X<.6_fv.V ny.L,_E.2.m I_l.b$ Mx sZ.K! p.Y.U.V:U.89 R_H F3.d_R A UQ.C_y y Y Jb.Q_S.N.s< l_Ab~[_w9zV?!C9.N_HQ)*_n R.tP Ww_u aU;.V EPk Xr.Q0.y.A!]_b!7 g.R_pF.E_b o.o.q.o_E.T_rdfw.c}_ck.4.Y_w:_P.B(#`_xy_i.3_Y.A_N.q.6.YE_S_T.R H n.R_d_F.V.s_R68).I aL q.H b.W.Q!.r b_w c c$_va.X_v.tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_C_Q.e J q7E V P.LP_Q.kTN_c.F.D gc.hT_s_Q1
                    Source: isWLAjve0K.exe, isWLAjve0K.exe, 00000000.00000002.2526899461.0000000004429000.00000040.00001000.00020000.00000000.sdmp, isWLAjve0K.exe, 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmp, isWLAjve0K.exe, 00000003.00000003.2485745924.0000000002739000.00000040.00000400.00020000.00000000.sdmp, isWLAjve0K.exe, 00000003.00000003.2477238263.0000000002739000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: .tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_
                    Source: classification engineClassification label: mal100.troj.evad.winEXE@9/6@0/1
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 0_2_004149D0 PathRemoveFileSpecW,GetLastError,WaitForSingleObject,GetExitCodeProcess,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,TerminateProcess,CloseHandle,CloseHandle,CloseHandle,Sleep,0_2_004149D0
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 0_2_004029A0 StartServiceCtrlDispatcherW,GetLastError,0_2_004029A0
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 0_2_004029A0 StartServiceCtrlDispatcherW,GetLastError,0_2_004029A0
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_2_004029A0 StartServiceCtrlDispatcherW,GetLastError,3_2_004029A0
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeFile created: C:\Users\user\Documents\ThaiPerfectoJump to behavior
                    Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6120
                    Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-c7331d53-a9b0-47e184-2a3bb56f4bc8}
                    Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\a242103c-de82-4e63-8c87-b31a78bf2ec8Jump to behavior
                    Source: isWLAjve0K.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: isWLAjve0K.exeReversingLabs: Detection: 26%
                    Source: isWLAjve0K.exeVirustotal: Detection: 32%
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeFile read: C:\Users\user\Desktop\isWLAjve0K.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\isWLAjve0K.exe "C:\Users\user\Desktop\isWLAjve0K.exe"
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeProcess created: C:\Users\user\Desktop\isWLAjve0K.exe "C:\Users\user\Desktop\isWLAjve0K.exe"
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 460
                    Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
                    Source: C:\Windows\System32\fontdrvhost.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6120 -s 140
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeProcess created: C:\Users\user\Desktop\isWLAjve0K.exe "C:\Users\user\Desktop\isWLAjve0K.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeSection loaded: k7rn7l32.dllJump to behavior
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeSection loaded: ntd3ll.dllJump to behavior
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: powrprof.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: umpdc.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32Jump to behavior
                    Source: isWLAjve0K.exeStatic file information: File size 3002880 > 1048576
                    Source: isWLAjve0K.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x217400
                    Source: isWLAjve0K.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                    Source: isWLAjve0K.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                    Source: isWLAjve0K.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                    Source: isWLAjve0K.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: isWLAjve0K.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                    Source: isWLAjve0K.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                    Source: isWLAjve0K.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                    Source: isWLAjve0K.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: D:\Jenkins\workspace\ccd-app\main\native\win32\build\msvs_win32_x86\Release\x86\sym\AdobeUpdateService\AdobeUpdateService\AdobeUpdateService.pdb source: isWLAjve0K.exe, PerfectoUna.exe.0.dr
                    Source: Binary string: wkernel32.pdb source: isWLAjve0K.exe, 00000003.00000003.2484251336.0000000004EC0000.00000004.00000001.00020000.00000000.sdmp, isWLAjve0K.exe, 00000003.00000003.2484378832.0000000004FE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2487988119.0000000002900000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2488096735.0000000004D60000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernelbase.pdb source: isWLAjve0K.exe, 00000003.00000003.2484879040.00000000050E0000.00000004.00000001.00020000.00000000.sdmp, isWLAjve0K.exe, 00000003.00000003.2484638088.0000000004EC0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2488509979.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2488716555.0000000004F00000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: ntdll.pdb source: isWLAjve0K.exe, 00000003.00000003.2483115437.0000000004EC0000.00000004.00000001.00020000.00000000.sdmp, isWLAjve0K.exe, 00000003.00000003.2483428390.00000000050B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2487258614.0000000004ED0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2486988671.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdbUGP source: isWLAjve0K.exe, 00000003.00000003.2483980070.0000000005060000.00000004.00000001.00020000.00000000.sdmp, isWLAjve0K.exe, 00000003.00000003.2483767058.0000000004EC0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2487796585.0000000004E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2487593442.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: ntdll.pdbUGP source: isWLAjve0K.exe, 00000003.00000003.2483115437.0000000004EC0000.00000004.00000001.00020000.00000000.sdmp, isWLAjve0K.exe, 00000003.00000003.2483428390.00000000050B0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2487258614.0000000004ED0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2486988671.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wntdll.pdb source: isWLAjve0K.exe, 00000003.00000003.2483980070.0000000005060000.00000004.00000001.00020000.00000000.sdmp, isWLAjve0K.exe, 00000003.00000003.2483767058.0000000004EC0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2487796585.0000000004E80000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2487593442.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernelbase.pdbUGP source: isWLAjve0K.exe, 00000003.00000003.2484879040.00000000050E0000.00000004.00000001.00020000.00000000.sdmp, isWLAjve0K.exe, 00000003.00000003.2484638088.0000000004EC0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2488509979.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2488716555.0000000004F00000.00000004.00000001.00020000.00000000.sdmp
                    Source: Binary string: wkernel32.pdbUGP source: isWLAjve0K.exe, 00000003.00000003.2484251336.0000000004EC0000.00000004.00000001.00020000.00000000.sdmp, isWLAjve0K.exe, 00000003.00000003.2484378832.0000000004FE0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2487988119.0000000002900000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000005.00000003.2488096735.0000000004D60000.00000004.00000001.00020000.00000000.sdmp
                    Source: isWLAjve0K.exeStatic PE information: real checksum: 0x22448d should be: 0x2e2299
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 0_2_0046A0C9 push ecx; ret 0_2_0046A0DC
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 0_2_00404268 push ebp; retf 0_2_00404269
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_3_0272B86D push ebx; ret 3_3_0272B864
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_3_0272A840 push ebp; retf 3_3_0272A841
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_3_0272E83C pushad ; ret 3_3_0272E841
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_3_0272E80E push eax; iretd 3_3_0272E81D
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_3_0272A0F9 push FFFFFF82h; iretd 3_3_0272A0FB
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_3_0272D8A0 push 0000002Eh; iretd 3_3_0272D8A2
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_3_02728904 push ecx; ret 3_3_02728917
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_3_0272B1DD push eax; ret 3_3_0272B1DF
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_3_02729F6A push eax; ret 3_3_02729F75
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_3_0272B70B push ebx; ret 3_3_0272B864
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_3_0272E586 pushad ; retf 3_3_0272E599
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_2_00442430 pushfd ; retf 3_2_0044247A
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_2_0046A0C9 push ecx; ret 3_2_0046A0DC
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_2_00404268 push ebp; retf 3_2_00404269
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_2_00437750 pushfd ; iretd 3_2_00437789
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_0062225D push eax; ret 5_3_0062225F
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_00625606 pushad ; retf 5_3_00625619
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_00626012 push 00000038h; iretd 5_3_0062601D
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_006228ED push ebx; ret 5_3_006228E4
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_006218C0 push ebp; retf 5_3_006218C1
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_006258BC pushad ; ret 5_3_006258C1
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_0062588E push eax; iretd 5_3_0062589D
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_00621179 push FFFFFF82h; iretd 5_3_0062117B
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_00624920 push 0000002Eh; iretd 5_3_00624922
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_00625F0C push es; iretd 5_3_00625F0D
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_00620FEA push eax; ret 5_3_00620FF5
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_00625FEE push FFFFFFD2h; retf 5_3_00626011
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_0062278B push ebx; ret 5_3_006228E4
                    Source: isWLAjve0K.exeStatic PE information: section name: .text entropy: 6.8486737482177835
                    Source: PerfectoUna.exe.0.drStatic PE information: section name: .text entropy: 6.8486737482177835

                    Persistence and Installation Behavior

                    barindex
                    Drops PE files to the document folder of the user
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeFile created: C:\Users\user\Documents\ThaiPerfecto\sdk\PerfectoUna.exeJump to dropped file
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeFile created: C:\Users\user\Documents\ThaiPerfecto\sdk\PerfectoUna.exeJump to dropped file
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 0_2_004029A0 StartServiceCtrlDispatcherW,GetLastError,0_2_004029A0
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NuinsaJump to behavior
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NuinsaJump to behavior
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Switches to a custom stack to bypass stack traces
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeAPI/Special instruction interceptor: Address: 7FF8C88ED044
                    Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FF8C88ED044
                    Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 4EFB83A
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: isWLAjve0K.exe, 00000000.00000002.2526899461.0000000004429000.00000040.00001000.00020000.00000000.sdmp, isWLAjve0K.exe, 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmp, isWLAjve0K.exe, 00000003.00000003.2485745924.0000000002739000.00000040.00000400.00020000.00000000.sdmp, isWLAjve0K.exe, 00000003.00000003.2477238263.0000000002739000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
                    Source: isWLAjve0K.exeBinary or memory string: CFF EXPLORER.EXE
                    Source: isWLAjve0K.exe, 00000000.00000002.2526899461.0000000004429000.00000040.00001000.00020000.00000000.sdmp, isWLAjve0K.exe, 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmp, isWLAjve0K.exe, 00000003.00000003.2485745924.0000000002739000.00000040.00000400.00020000.00000000.sdmp, isWLAjve0K.exe, 00000003.00000003.2477238263.0000000002739000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: INTERNALNAMECFF EXPLORER.EXE
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeDropped PE file which has not been started: C:\Users\user\Documents\ThaiPerfecto\sdk\PerfectoUna.exeJump to dropped file
                    Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                    Source: svchost.exe, 00000005.00000003.2488716555.0000000004F00000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                    Source: svchost.exe, 00000005.00000002.2580371449.0000000002C00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: svchost.exe, 00000005.00000002.2580403810.0000000002C12000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(
                    Source: svchost.exe, 00000005.00000003.2488716555.0000000004F00000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                    Source: PerfectoUna.exe.0.drBinary or memory string: 9VVMCIV
                    Source: svchost.exe, 00000005.00000002.2580499334.0000000002C5C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWMSAFD L2CAP [Bluetooth]MSAFD RfComm [Bluetooth]
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_3_027292CC VirtualAlloc,VirtualAlloc,VirtualProtect,LdrInitializeThunk,VirtualFree,3_3_027292CC
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 0_2_00479425 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00479425
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_3_02729277 mov eax, dword ptr fs:[00000030h]3_3_02729277
                    Source: C:\Windows\SysWOW64\svchost.exeCode function: 5_3_00620283 mov eax, dword ptr fs:[00000030h]5_3_00620283
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeProcess created: C:\Users\user\Desktop\isWLAjve0K.exe "C:\Users\user\Desktop\isWLAjve0K.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 0_2_00479425 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00479425
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 0_2_00469ECC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00469ECC
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_2_00479425 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00479425
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 3_2_00469ECC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00469ECC

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    System process connects to network (likely due to code injection or exploit)
                    Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 104.161.43.18 2845Jump to behavior
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeMemory written: C:\Users\user\Desktop\isWLAjve0K.exe base: 26F0000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                    Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 0_2_00460FA0 cpuid 0_2_00460FA0
                    Source: C:\Windows\SysWOW64\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\isWLAjve0K.exeCode function: 0_2_0046A3FC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_0046A3FC
                    Source: C:\Windows\SysWOW64\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected RHADAMANTHYS Stealer
                    Source: Yara matchFile source: 00000003.00000003.2476450281.0000000002AB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000003.2485848152.0000000000860000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.2580646442.0000000002E00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000003.00000002.2511515172.0000000002AC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                    Remote Access Functionality

                    barindex
                    Yara detected RHADAMANTHYS Stealer
                    Source: Yara matchFile source: 00000003.00000003.2476450281.0000000002AB0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000003.2485848152.0000000000860000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.2580646442.0000000002E00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000003.00000002.2511515172.0000000002AC0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
                    Windows Management Instrumentation                    		3
                    Windows Service                    		3
                    Windows Service                    		1
                    Masquerading                    		21
                    Input Capture                    		1
                    System Time Discovery                    		Remote Services21
                    Input Capture                    		1
                    Encrypted Channel                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault Accounts2
                    Service Execution                    		1
                    Registry Run Keys / Startup Folder                    		211
                    Process Injection                    		1
                    Virtualization/Sandbox Evasion                    		LSASS Memory221
                    Security Software Discovery                    		Remote Desktop Protocol1
                    Archive Collected Data                    		1
                    Non-Standard Port                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAt1
                    DLL Side-Loading                    		1
                    Registry Run Keys / Startup Folder                    		1
                    Disable or Modify Tools                    		Security Account Manager1
                    Virtualization/Sandbox Evasion                    		SMB/Windows Admin SharesData from Network Shared Drive1
                    Application Layer Protocol                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
                    DLL Side-Loading                    		211
                    Process Injection                    		NTDS2
                    Process Discovery                    		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    Deobfuscate/Decode Files or Information                    		LSA Secrets124
                    System Information Discovery                    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts4
                    Obfuscated Files or Information                    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                    Software Packing                    		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                    DLL Side-Loading                    		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    isWLAjve0K.exe26%ReversingLabs
                    isWLAjve0K.exe33%VirustotalBrowse

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    No Antivirus matches

                    Domains and IPs

                    Contacted Domains

                    No contacted domains info

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://104.161.43.18:2845/7e56fc199c7194d0/g5rgxmg9.bkfoptrue
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://piriform.com/go/app_cc_privacy_policyisWLAjve0K.exe, PerfectoUna.exe.0.drfalse
                        		high
                        http://piriform.com/go/app_cc_license_agreementisWLAjve0K.exefalse
                          		high
                          http://crl.thawte.com/ThawteTimestampingCA.crl0isWLAjve0K.exe, PerfectoUna.exe.0.drfalse
                            		high
                            http://www.symauth.com/rpa00isWLAjve0K.exe, PerfectoUna.exe.0.drfalse
                              		high
                              http://piriform.com/go/app_cc_license_agreementPAisWLAjve0K.exe, PerfectoUna.exe.0.drfalse
                                		high
                                http://ocsp.thawte.com0isWLAjve0K.exe, PerfectoUna.exe.0.drfalse
                                  		high
                                  http://www.piriform.com/ccleanerisWLAjve0K.exe, PerfectoUna.exe.0.drfalse
                                    		high
                                    https://cloudflare-dns.com/dns-querysvchost.exe, 00000005.00000003.2508907790.0000000002D9F000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://104.161.43.18:2845/7e56fc199c7194d0/g5rgxmg9.bkfopkernelbasentdllkernel32GetProcessMitigatiosvchost.exe, 00000005.00000002.2580532744.0000000002D0C000.00000004.00000020.00020000.00000000.sdmp, fontdrvhost.exe, 00000009.00000002.2722478374.0000027FA5170000.00000040.00000001.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://cloudflare-dns.com/dns-queryPOSTContent-TypeContent-LengthHostapplication/dns-message%dMachisvchost.exe, 00000005.00000003.2508907790.0000000002D9F000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          http://www.symauth.com/cps0(isWLAjve0K.exe, PerfectoUna.exe.0.drfalse
                                            		high
                                            https://104.161.43.18:2845/7e56fc199c7194d0/g5rgxmg9.bkfopxsvchost.exe, 00000005.00000002.2579846050.00000000003EC000.00000004.00000010.00020000.00000000.sdmpfalse
                                              		unknown

                                              World Map of Contacted IPs

                                              • No. of IPs < 25%
                                              • 25% < No. of IPs < 50%
                                              • 50% < No. of IPs < 75%
                                              • 75% < No. of IPs

                                              Public IPs

                                              IPDomainCountryFlagASNASN NameMalicious
                                              104.161.43.18
                                              		unknownUnited States
                                              		53755IOFLOODUStrue

                                              General Information

                                              Joe Sandbox version:41.0.0 Charoite
                                              Analysis ID:1578896
                                              Start date and time:2024-12-20 16:20:56 +01:00
                                              Joe Sandbox product:CloudBasic
                                              Overall analysis duration:0h 8m 22s
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Cookbook file name:default.jbs
                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                              Number of analysed new started processes analysed:12
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:0
                                              Technologies:
                                              • HCA enabled
                                              • EGA enabled
                                              • AMSI enabled
                                              Analysis Mode:default
                                              Analysis stop reason:Timeout
                                              Sample name:isWLAjve0K.exe
                                              renamed because original name is a hash value
                                              Original Sample Name:0160029c14caf2b358598e8824e5cee0.exe
                                              Detection:MAL
                                              Classification:mal100.troj.evad.winEXE@9/6@0/1
                                              EGA Information:
                                              • Successful, ratio: 25%
                                              HCA Information:Failed
                                              Cookbook Comments:
                                              • Found application associated with file extension: .exe

                                              Warnings

                                              • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                              • Excluded IPs from analysis (whitelisted): 52.168.117.173, 40.126.31.67, 20.12.23.50, 23.1.237.91
                                              • Excluded domains from analysis (whitelisted): www.bing.com, onedsblobprdeus16.eastus.cloudapp.azure.com, client.wns.windows.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                              • Execution Graph export aborted for target isWLAjve0K.exe, PID 1476 because there are no executed function
                                              • Execution Graph export aborted for target isWLAjve0K.exe, PID 2380 because there are no executed function
                                              • Execution Graph export aborted for target svchost.exe, PID 3228 because there are no executed function
                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                              • Report size getting too big, too many NtQueryValueKey calls found.

                                              Simulations

                                              Behavior and APIs

                                              TimeTypeDescription
                                              10:22:55API Interceptor1x Sleep call for process: WerFault.exe modified
                                              16:22:37AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Nuinsa C:\Users\user\Documents\ThaiPerfecto\sdk\PerfectoUna.exe
                                              16:22:45AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Nuinsa C:\Users\user\Documents\ThaiPerfecto\sdk\PerfectoUna.exe

                                              Joe Sandbox View / Context

                                              IPs

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              104.161.43.18QhR8Zp6fZs.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                CNUXJvLcgw.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                  xWpAZpLw47.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                    SqWzv6g2gV.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                      RXnQXC1eJa.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                        37O0XUq6Vp.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                          tO8laPAv1k.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                            nPcYcCBa00.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                              JLrciUppSu.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                122046760.batGet hashmaliciousRHADAMANTHYSBrowse

                                                                  Domains

                                                                  No context

                                                                  ASNs

                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  IOFLOODUSQhR8Zp6fZs.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                  • 104.161.43.18
                                                                  CNUXJvLcgw.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                  • 104.161.43.18
                                                                  xWpAZpLw47.lnkGet hashmaliciousRHADAMANTHYSBrowse
                                                                  • 104.161.43.18
                                                                  nnn.exeGet hashmaliciousAgentTeslaBrowse
                                                                  • 107.178.108.41
                                                                  ssd.exeGet hashmaliciousAgentTeslaBrowse
                                                                  • 107.178.108.41
                                                                  SqWzv6g2gV.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                  • 104.161.43.18
                                                                  RXnQXC1eJa.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                  • 104.161.43.18
                                                                  37O0XUq6Vp.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                  • 104.161.43.18
                                                                  tO8laPAv1k.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                  • 104.161.43.18
                                                                  nPcYcCBa00.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                  • 104.161.43.18

                                                                  JA3 Fingerprints

                                                                  No context

                                                                  Dropped Files

                                                                  No context

                                                                  Created / dropped Files

                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fontdrvhost.exe_d32c824e8915b30da4efd4eabd13e74e4ef8c1_ad0be647_0b87f3eb-4de0-4855-8f65-70f2903ee286\Report.wer

                                                                  Download File
                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):65536
                                                                  Entropy (8bit):0.6603631794012788
                                                                  Encrypted:false
                                                                  SSDEEP:96:B6FFF8IA3eZqigKJfs3Wrk41yHpHS2QXIDcQkc6tcEycw3ZUtzJzQ+HbHgrZ2ZAp:BYFSeHnfxR0apYKjqzuiFiZ24lO8JO
                                                                  MD5:B109F5049AD7C42631FB6AC3800A94C0
                                                                  SHA1:5F371A21439DF08CB4CF61130C92D16D0DE4DE39
                                                                  SHA-256:6CB17656D4FE61F47F5FB1E822264DD2D109F3C58A3F67FAC03EC7C0B43FFDF1
                                                                  SHA-512:7560AB5A277CAE7B135EEF1E4020C21A9CD3FBA71CC357B2211361F7C180FC0BC0F8431B48A4AFE86744E1A1B6771A02067F3D7F03983967E42E5040EC3CBF06
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.6.4.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.1.8.1.7.6.9.5.1.3.5.8.3.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.1.8.1.7.7.0.5.1.3.5.7.6.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.b.8.7.f.3.e.b.-.4.d.e.0.-.4.8.5.5.-.8.f.6.5.-.7.0.f.2.9.0.3.e.e.2.8.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.0.6.c.8.b.8.3.-.9.b.e.a.-.4.1.d.7.-.9.2.6.f.-.f.9.7.e.8.f.0.9.c.d.1.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.f.o.n.t.d.r.v.h.o.s.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.e.8.-.0.0.0.1.-.0.0.1.4.-.3.d.6.4.-.9.1.0.2.f.3.5.2.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.5.e.f.b.3.f.9.7.3.4.2.b.a.1.9.5.4.2.4.1.3.4.f.2.8.f.9.7.7.d.a.9.e.0.d.6.a.a.9.1.!.f.o.n.t.d.r.v.h.o.

                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER8BE4.tmp.dmp

                                                                  Download File
                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                  File Type:Mini DuMP crash report, 14 streams, Fri Dec 20 15:22:49 2024, 0x1205a4 type
                                                                  Category:dropped
                                                                  Size (bytes):47590
                                                                  Entropy (8bit):1.2781450663625407
                                                                  Encrypted:false
                                                                  SSDEEP:96:5781ENtQREZeyw9dWCWLD2o7i7+XLhPMTcFWI5LTIonVXQ+:21WuMOct5jnVXQ+
                                                                  MD5:309136CCF22047E60EEE7CF9386ECDB5
                                                                  SHA1:C76CF6F6FC34295745DFFE27186E93868DCB598A
                                                                  SHA-256:B97B59AAA9921A074C02188BF61A8C8B38F6D2463DEAAA92F6351FCDC55652AB
                                                                  SHA-512:9402D68BCB6E31861923F2E34D045ABA232DB41F4E3755B0F66B52EB69F2D34064FA6773A0DCAAE1B54601CF9AF3EBC4D3A0CC0C77F7FCA7CF8CC1F92507ADA7
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:MDMP..a..... ........eg........................................2!..........T.......8...........T...............6.......................................................................................................eJ..............Lw......................T.............eg.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER8C52.tmp.WERInternalMetadata.xml

                                                                  Download File
                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):8822
                                                                  Entropy (8bit):3.6980683642591834
                                                                  Encrypted:false
                                                                  SSDEEP:192:R6l7wVeJ/Cd876Y54pTSgmfr57vCYpDQ89b+NSlflKm:R6lXJai6YmpTSgmfrFv1+NIf5
                                                                  MD5:47E21015033A03D0E62E3CF2E872C08A
                                                                  SHA1:BCBC4E77487CBC32D7EF4A801807AC79170CDBDC
                                                                  SHA-256:BEDFE54005E513D3CD64A5A7D8E8F3B8077E88B1CAE4124AFC7679DE62C72419
                                                                  SHA-512:1C4A3C35C9F4EA919C60320006ED557282B20197D411BEF9FDD30075F70C1DD52FD11B1D368A75D8CDBCCE7CBF9A1B3F4E75A291247E0F6DC651FBE1BBB191F8
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.1.2.0.<./.P.i.

                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER8CB1.tmp.xml

                                                                  Download File
                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):4853
                                                                  Entropy (8bit):4.4500002454106555
                                                                  Encrypted:false
                                                                  SSDEEP:48:cvIwWl8zsuJg771I9f/sWpW8VY1Ym8M4Jk5LvM6Fvyq8vU5LvMot+aMu3Fd:uIjfkI7y/F7V1JcjMMWsjMos1uVd
                                                                  MD5:C3943F9F56EBC674AD709AB083C478A9
                                                                  SHA1:470E238799C222C637A568E476A800E51A0408F8
                                                                  SHA-256:12839C365406EC77DA67EF48D7475BE11810EA73C39234EBDD795345F9BFBA17
                                                                  SHA-512:D7C1879AEE257D3CAFEE50DBAF6814D2A456F4CB22E13F469932AE2234FFEA2C4BBB579661AE954CD937FD01EDE8BCAE76C1C40800C0ADEEA5C8442D4437974D
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="639745" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                  C:\Users\user\Documents\ThaiPerfecto\sdk\PerfectoUna.exe

                                                                  Download File
                                                                  Process:C:\Users\user\Desktop\isWLAjve0K.exe
                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                  Category:dropped
                                                                  Size (bytes):979567147
                                                                  Entropy (8bit):0.042537908749794844
                                                                  Encrypted:false
                                                                  SSDEEP:
                                                                  MD5:47B30D4999360C0BB3D5F6CBCCD69180
                                                                  SHA1:58AC233BCC0896D7F81D52DD94565B2DD03C1F0C
                                                                  SHA-256:A8B3367017AE9053EBCB6D2152C7529BAEC2567F4F76E06606C9DEDE3461316A
                                                                  SHA-512:49590719B5A7DD53E858537A201DF99F5C03C5E38C50B9407033C8BB4A4040C4ADFAAAA2F578772FDBE9932F47BA76445500C630FA6D830935C3A21B94733EA0
                                                                  Malicious:true
                                                                  Reputation:low
                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Qn..Qn..Qn......@n.......n......Cn......Gn.......n......Wn......Kn......Pn......Ln..Qn..qo.......n....A.Pn..Qn).Pn......Pn..RichQn..........PE..L.....f...............!......$...................@.......................... .......D"...@.................................."...........s!..............)...........w..p...........................@v..@............................................text............................... ..`.rdata...`.......T..................@..@.data....`...@...>... ..............@....rsrc....s!......t!..^..............@..@................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Windows\appcompat\Programs\Amcache.hve

                                                                  Download File
                                                                  Process:C:\Windows\System32\WerFault.exe
                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                  Category:dropped
                                                                  Size (bytes):1835008
                                                                  Entropy (8bit):4.422424264172277
                                                                  Encrypted:false
                                                                  SSDEEP:6144:hSvfpi6ceLP/9skLmb0OTyWSPHaJG8nAgeMZMMhA2fX4WABlEnNU0uhiTw:4vloTyW+EZMM6DFym03w
                                                                  MD5:B84BF89C02AC9CA6038185935C3807AE
                                                                  SHA1:A91C212B34F01E7C637BE8B81D3C206AAA6764E4
                                                                  SHA-256:D173994EBE2C95E3AECEE2B9D49213EAB0705B034EB4A6F56A9F81862A903ACF
                                                                  SHA-512:8B314FF095EAE315CFC7FD0C828B66EAA513A2B128FBBECD2A66B66E894268722CC71CF0C2A002EE8947C68F3EDA86AA6B8011DCF08EB2074D021DA07FB1B0EA
                                                                  Malicious:false
                                                                  Preview:regf?...?....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm*.7..R...............................................................................................................................................................................................................................................................................................................................................# 2........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  Static File Info

                                                                  General

                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                  Entropy (8bit):6.47969896206361
                                                                  TrID:
                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                  File name:isWLAjve0K.exe
                                                                  File size:3'002'880 bytes
                                                                  MD5:0160029c14caf2b358598e8824e5cee0
                                                                  SHA1:c39d64553862d7f0d7fc79e8b940e4391c6e2985
                                                                  SHA256:8c9769d73bf34e223790cdba5adf9411382a847d2a02cd914d4d29b4179c84ac
                                                                  SHA512:fd222d22f03a5b2f94cae6045937a9b5fff10b57a2bfb5c87d1e46c930e303e664027371b1118372eaf09bd2383b506e7ead8f85b2b95b4c72db7ae807e31cd6
                                                                  SSDEEP:49152:sh2x8NZ7wn41Ba0TfreaC+1RIYkXYl+RjkgjyL1IPAcmgvCt5G7e:C2yNpwn41kajvI1XYkrXCtIK
                                                                  TLSH:22D55A90E190D012E4B62274D173EAF12A56BC34D57296C7BEBC7D37FA30292491CFA9
                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Qn..Qn..Qn......@n.......n......Cn......Gn.......n......Wn......Kn......Pn......Ln..Qn..qo.......n....A.Pn..Qn).Pn......Pn.

                                                                  File Icon

                                                                  Icon Hash:0fe2e0e4e4a0c00f

                                                                  Static PE Info

                                                                  General

                                                                  Entrypoint:0x4699c0
                                                                  Entrypoint Section:.text
                                                                  Digitally signed:true
                                                                  Imagebase:0x400000
                                                                  Subsystem:windows gui
                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                  Time Stamp:0x66D687C2 [Tue Sep 3 03:51:30 2024 UTC]
                                                                  TLS Callbacks:
                                                                  CLR (.Net) Version:
                                                                  OS Version Major:5
                                                                  OS Version Minor:1
                                                                  File Version Major:5
                                                                  File Version Minor:1
                                                                  Subsystem Version Major:5
                                                                  Subsystem Version Minor:1
                                                                  Import Hash:d380b5dd5e67dcc659f2ba338538fec5

                                                                  Authenticode Signature

                                                                  Signature Valid:
                                                                  Signature Issuer:
                                                                  Signature Validation Error:
                                                                  Error Number:
                                                                  Not Before, Not After
                                                                    Subject Chain
                                                                      Version:
                                                                      Thumbprint MD5:
                                                                      Thumbprint SHA-1:
                                                                      Thumbprint SHA-256:
                                                                      Serial:

                                                                      Entrypoint Preview

                                                                      Instruction
                                                                      call 00007FD078BD31D9h
                                                                      jmp 00007FD078BD25BDh
                                                                      cmp ecx, dword ptr [004C4014h]
                                                                      jne 00007FD078BD2753h
                                                                      ret
                                                                      jmp 00007FD078BD2C71h
                                                                      push ebp
                                                                      mov ebp, esp
                                                                      jmp 00007FD078BD275Fh
                                                                      push dword ptr [ebp+08h]
                                                                      call 00007FD078BEDECCh
                                                                      pop ecx
                                                                      test eax, eax
                                                                      je 00007FD078BD2761h
                                                                      push dword ptr [ebp+08h]
                                                                      call 00007FD078BE2464h
                                                                      pop ecx
                                                                      test eax, eax
                                                                      je 00007FD078BD2738h
                                                                      pop ebp
                                                                      ret
                                                                      cmp dword ptr [ebp+08h], FFFFFFFFh
                                                                      je 00007FD078B6A093h
                                                                      jmp 00007FD078BD146Ah
                                                                      push ebp
                                                                      mov ebp, esp
                                                                      push dword ptr [ebp+08h]
                                                                      call 00007FD078B90AD2h
                                                                      pop ecx
                                                                      pop ebp
                                                                      ret
                                                                      int3
                                                                      int3
                                                                      int3
                                                                      int3
                                                                      int3
                                                                      int3
                                                                      int3
                                                                      int3
                                                                      int3
                                                                      int3
                                                                      push ebp
                                                                      mov ebp, esp
                                                                      test byte ptr [ebp+08h], 00000001h
                                                                      push esi
                                                                      mov esi, ecx
                                                                      mov dword ptr [esi], 004A070Ch
                                                                      je 00007FD078BD275Ch
                                                                      push 0000000Ch
                                                                      push esi
                                                                      call 00007FD078BD2723h
                                                                      pop ecx
                                                                      pop ecx
                                                                      mov eax, esi
                                                                      pop esi
                                                                      pop ebp
                                                                      retn 0004h
                                                                      push ebp
                                                                      mov ebp, esp
                                                                      mov eax, dword ptr [ebp+08h]
                                                                      push esi
                                                                      mov ecx, dword ptr [eax+3Ch]
                                                                      add ecx, eax
                                                                      movzx eax, word ptr [ecx+14h]
                                                                      lea edx, dword ptr [ecx+18h]
                                                                      add edx, eax
                                                                      movzx eax, word ptr [ecx+06h]
                                                                      imul esi, eax, 28h
                                                                      add esi, edx
                                                                      cmp edx, esi
                                                                      je 00007FD078BD276Bh
                                                                      mov ecx, dword ptr [ebp+0Ch]
                                                                      cmp ecx, dword ptr [edx+0Ch]
                                                                      jc 00007FD078BD275Ch
                                                                      mov eax, dword ptr [edx+08h]
                                                                      add eax, dword ptr [edx+0Ch]
                                                                      cmp ecx, eax
                                                                      jc 00007FD078BD275Eh
                                                                      add edx, 28h
                                                                      cmp edx, esi
                                                                      jne 00007FD078BD273Ch
                                                                      xor eax, eax
                                                                      pop esi
                                                                      pop ebp
                                                                      ret
                                                                      mov eax, edx
                                                                      jmp 00007FD078BD274Bh

                                                                      Data Directories

                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0xc22b80xf0.rdata
                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0xca0000x2173c4.rsrc
                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x1ece000x29b0.rsrc
                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x1e90000x83f0.rsrc
                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0xb77000x70.rdata
                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0xb76400x40.rdata
                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x9e0000x2d4.rdata
                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                      Sections

                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                      .text0x10000x9d0000x9c800a97b83c1d61ae37a6b1d82de1541192aFalse0.48704104682507987data6.8486737482177835IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                      .rdata0x9e0000x260000x25400d790b3c8cf1b25d45132c57f39da20dbFalse0.4319158976510067OpenPGP Public Key5.286889943102737IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                      .data0xc40000x60000x3e00b85321419fe5188a490d671b23de46a9False0.2203881048387097DOS executable (block device driver \377\377\377\377)4.962627347583609IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                      .rsrc0xca0000x2173c40x217400b93592b047ff65d06c64200fe047b936unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                      Resources

                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                      AFX_DIALOG_LAYOUT0xcc9840x2dataEnglishGreat Britain5.0
                                                                      BRANDING0xcc9880xf2d8PE32 executable (DLL) (GUI) Intel 80386, for MS WindowsEnglishGreat Britain0.5785452322738386
                                                                      RT_BITMAP0xdbc600x6804Device independent bitmap graphic, 391 x 17 x 32, image size 26588, resolution 3582 x 3582 px/mEnglishGreat Britain0.2400105152471083
                                                                      RT_BITMAP0xe24640x5c28Device independent bitmap graphic, 368 x 16 x 32, image size 23552, resolution 3700 x 3700 px/mEnglishGreat Britain0.2527975584944049
                                                                      RT_BITMAP0xe808c0x8fe8Device independent bitmap graphic, 460 x 20 x 32, image size 36800, resolution 3503 x 3503 px/mEnglishGreat Britain0.2719326818675353
                                                                      RT_BITMAP0xf10740xcf28Device independent bitmap graphic, 552 x 24 x 32, image size 52992, resolution 3543 x 3543 px/mEnglishGreat Britain0.23167144365666012
                                                                      RT_BITMAP0xfdf9c0x17028Device independent bitmap graphic, 736 x 32 x 32, image size 94208, resolution 3543 x 3543 px/mEnglishGreat Britain0.1775528393175452
                                                                      RT_BITMAP0x114fc40x23f28Device independent bitmap graphic, 920 x 40 x 32, image size 147200, resolution 3503 x 3503 px/mEnglishGreat Britain0.14206058136375985
                                                                      RT_BITMAP0x138eec0x9ea4Device independent bitmap graphic, 483 x 21 x 32, image size 40572, resolution 3582 x 3582 px/mEnglishGreat Britain0.2606618733379297
                                                                      RT_BITMAP0x142d900xe0c4Device independent bitmap graphic, 575 x 25 x 32, image size 57500, resolution 3503 x 3503 px/mEnglishGreat Britain0.21746611053180395
                                                                      RT_BITMAP0x150e540x19f98Device independent bitmap graphic, 782 x 34 x 32, image size 106352, resolution 3543 x 3543 px/mEnglishGreat Britain0.16091435446274155
                                                                      RT_BITMAP0x16adec0x27a18Device independent bitmap graphic, 966 x 42 x 32, image size 162288, resolution 3582 x 3582 px/mEnglishGreat Britain0.13048272633187127
                                                                      RT_BITMAP0x1928040x2028Device independent bitmap graphic, 128 x 16 x 32, image size 8192, resolution 3700 x 3700 px/mEnglishGreat Britain0.04652575315840622
                                                                      RT_BITMAP0x19482c0x3228Device independent bitmap graphic, 160 x 20 x 32, image size 12800, resolution 3700 x 3700 px/mEnglishGreat Britain0.07842679127725857
                                                                      RT_BITMAP0x197a540x4828Device independent bitmap graphic, 192 x 24 x 32, image size 18432, resolution 3661 x 3661 px/mEnglishGreat Britain0.056463837158943264
                                                                      RT_BITMAP0x19c27c0x8028Device independent bitmap graphic, 256 x 32 x 32, image size 32768, resolution 3661 x 3661 px/mEnglishGreat Britain0.0326749573274811
                                                                      RT_BITMAP0x1a42a40xc828Device independent bitmap graphic, 320 x 40 x 32, image size 51200, resolution 3661 x 3661 px/mEnglishGreat Britain0.03266978922716628
                                                                      RT_BITMAP0x1b0acc0xab8Device independent bitmap graphic, 52 x 13 x 32, image size 2704, resolution 2795 x 2795 px/mEnglishGreat Britain0.1271865889212828
                                                                      RT_BITMAP0x1b15840x1028Device independent bitmap graphic, 64 x 16 x 32, image size 4096, resolution 3622 x 3622 px/mEnglishGreat Britain0.1071083172147002
                                                                      RT_BITMAP0x1b25ac0x16b8Device independent bitmap graphic, 76 x 19 x 32, image size 5776, resolution 3622 x 3622 px/mEnglishGreat Britain0.10333562585969738
                                                                      RT_BITMAP0x1b3c640x2a68Device independent bitmap graphic, 104 x 26 x 32, image size 10816, resolution 3661 x 3661 px/mEnglishGreat Britain0.05407148120854827
                                                                      RT_BITMAP0x1b66cc0x4028Device independent bitmap graphic, 128 x 32 x 32, image size 16384, resolution 3661 x 3661 px/mEnglishGreat Britain0.0479176814417925
                                                                      RT_BITMAP0x1ba6f40x2028Device independent bitmap graphic, 16 x 128 x 32, image size 8192, resolution 2834 x 2834 px/mEnglishGreat Britain0.22983479105928087
                                                                      RT_BITMAP0x1bc71c0x1028Device independent bitmap graphic, 32 x 32 x 32, image size 4096, resolution 3780 x 3780 px/mEnglishCanada0.30947775628626695
                                                                      RT_ICON0x1bd7440xa93fPNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0004846862233712
                                                                      RT_ICON0x1c80840x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2834 x 2834 px/mEnglishUnited States0.4612659423712801
                                                                      RT_ICON0x1cc2ac0x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/mEnglishUnited States0.5268672199170125
                                                                      RT_ICON0x1ce8540x1a68Device independent bitmap graphic, 40 x 80 x 32, image size 6400, resolution 2834 x 2834 px/mEnglishUnited States0.5328402366863906
                                                                      RT_ICON0x1d02bc0x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/mEnglishUnited States0.5450281425891182
                                                                      RT_ICON0x1d13640x988Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 2834 x 2834 px/mEnglishUnited States0.5586065573770492
                                                                      RT_ICON0x1d1cec0x664Device independent bitmap graphic, 20 x 38 x 32, image size 1520, resolution 2834 x 2834 px/mEnglishUnited States0.7041564792176039
                                                                      RT_ICON0x1d23500x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/mEnglishUnited States0.6932624113475178
                                                                      RT_MENU0x1d27b80x5edataEnglishGreat Britain0.8617021276595744
                                                                      RT_MENU0x1d28180x13cdataEnglishGreat Britain0.49683544303797467
                                                                      RT_MENU0x1d29540x8edataEnglishGreat Britain0.6971830985915493
                                                                      RT_MENU0x1d29e40x1aadataEnglishGreat Britain0.42018779342723006
                                                                      RT_MENU0x1d2b900xdadataEnglishGreat Britain0.6238532110091743
                                                                      RT_MENU0x1d2c6c0x164dataEnglishGreat Britain0.547752808988764
                                                                      RT_MENU0x1d2dd00xbedataEnglishGreat Britain0.6368421052631579
                                                                      RT_MENU0x1d2e900xaedataEnglishGreat Britain0.632183908045977
                                                                      RT_MENU0x1d2f400xb8dataEnglishGreat Britain0.657608695652174
                                                                      RT_DIALOG0x1d2ff80x530dataEnglishGreat Britain0.42846385542168675
                                                                      RT_DIALOG0x1d35280x238dataEnglishGreat Britain0.4982394366197183
                                                                      RT_DIALOG0x1d37600xe8dataEnglishGreat Britain0.6508620689655172
                                                                      RT_DIALOG0x1d38480x1c8dataEnglishGreat Britain0.5657894736842105
                                                                      RT_DIALOG0x1d3a100x1e0dataEnglishGreat Britain0.49166666666666664
                                                                      RT_DIALOG0x1d3bf00x1acdataEnglishGreat Britain0.5607476635514018
                                                                      RT_DIALOG0x1d3d9c0x1ccdataEnglishGreat Britain0.5
                                                                      RT_DIALOG0x1d3f680x1e4dataEnglishGreat Britain0.5206611570247934
                                                                      RT_DIALOG0x1d414c0x33cdataEnglishGreat Britain0.358695652173913
                                                                      RT_DIALOG0x1d44880x6b6dataEnglishGreat Britain0.3911525029103609
                                                                      RT_DIALOG0x1d4b400x1a4dataEnglishGreat Britain0.5166666666666667
                                                                      RT_DIALOG0x1d4ce40x1cedataEnglishGreat Britain0.48268398268398266
                                                                      RT_DIALOG0x1d4eb40x4e4dataEnglishGreat Britain0.40814696485623003
                                                                      RT_DIALOG0x1d53980x57edataEnglishGreat Britain0.4139402560455192
                                                                      RT_DIALOG0x1d59180x54dataEnglishGreat Britain0.8095238095238095
                                                                      RT_DIALOG0x1d596c0xe0dataEnglishGreat Britain0.6517857142857143
                                                                      RT_DIALOG0x1d5a4c0x29adataEnglishGreat Britain0.47297297297297297
                                                                      RT_DIALOG0x1d5ce80xdcdataEnglishGreat Britain0.6363636363636364
                                                                      RT_DIALOG0x1d5dc40x70dataEnglishGreat Britain0.7857142857142857
                                                                      RT_DIALOG0x1d5e340x1cedataEnglishGreat Britain0.48484848484848486
                                                                      RT_DIALOG0x1d60040x180dataEnglishGreat Britain0.5755208333333334
                                                                      RT_DIALOG0x1d61840x230dataEnglishGreat Britain0.4446428571428571
                                                                      RT_DIALOG0x1d63b40xc4dataEnglishGreat Britain0.7244897959183674
                                                                      RT_DIALOG0x1d64780x14cdataEnglishGreat Britain0.5993975903614458
                                                                      RT_DIALOG0x1d65c40x462dataEnglishGreat Britain0.43137254901960786
                                                                      RT_DIALOG0x1d6a280x468dataEnglishGreat Britain0.43351063829787234
                                                                      RT_DIALOG0x1d6e900x224dataEnglishGreat Britain0.5091240875912408
                                                                      RT_DIALOG0x1d70b40x286dataEnglishGreat Britain0.5046439628482973
                                                                      RT_DIALOG0x1d733c0x1e8dataEnglishGreat Britain0.5758196721311475
                                                                      RT_DIALOG0x1d75240xc8dBase III DBT, next free block index 4294901761EnglishGreat Britain0.665
                                                                      RT_DIALOG0x1d75ec0x938dataEnglishGreat Britain0.3771186440677966
                                                                      RT_DIALOG0x1d7f240x462dataEnglishGreat Britain0.446524064171123
                                                                      RT_DIALOG0x1d83880x48adataEnglishGreat Britain0.3717728055077453
                                                                      RT_DIALOG0x1d88140x34dataEnglishGreat Britain0.9038461538461539
                                                                      RT_DIALOG0x1d88480x336dataEnglishGreat Britain0.38929440389294406
                                                                      RT_DIALOG0x1d8b800x462dataEnglishGreat Britain0.44563279857397503
                                                                      RT_DIALOG0x1d8fe40xd6dBase III DBT, next free block index 4294901761EnglishGreat Britain0.7009345794392523
                                                                      RT_DIALOG0x1d90bc0x37cdataEnglishGreat Britain0.4461883408071749
                                                                      RT_DIALOG0x1d94380xd4dataEnglishGreat Britain0.6037735849056604
                                                                      RT_DIALOG0x1d950c0x2c8dataEnglishGreat Britain0.44662921348314605
                                                                      RT_DIALOG0x1d97d40x1a2dataEnglishGreat Britain0.5239234449760766
                                                                      RT_DIALOG0x1d99780x186dataEnglishGreat Britain0.5948717948717949
                                                                      RT_DIALOG0x1d9b000x3b4dataEnglishGreat Britain0.4588607594936709
                                                                      RT_DIALOG0x1d9eb40x38adataEnglishGreat Britain0.45916114790286977
                                                                      RT_DIALOG0x1da2400x3c8dataEnglishGreat Britain0.3894628099173554
                                                                      RT_DIALOG0x1da6080x428dataEnglishGreat Britain0.36654135338345867
                                                                      RT_DIALOG0x1daa300x92dataEnglishGreat Britain0.6027397260273972
                                                                      RT_DIALOG0x1daac40x39cdataEnglishGreat Britain0.4090909090909091
                                                                      RT_DIALOG0x1dae600x248dataEnglishGreat Britain0.488013698630137
                                                                      RT_DIALOG0x1db0a80x51cdataEnglishGreat Britain0.4258409785932722
                                                                      RT_DIALOG0x1db5c40x558dataEnglishGreat Britain0.4159356725146199
                                                                      RT_DIALOG0x1dbb1c0x4fedataEnglishGreat Britain0.4460093896713615
                                                                      RT_DIALOG0x1dc01c0x544dataEnglishGreat Britain0.41839762611275966
                                                                      RT_DIALOG0x1dc5600x454dataEnglishGreat Britain0.4575812274368231
                                                                      RT_DIALOG0x1dc9b40x144dataEnglishGreat Britain0.6172839506172839
                                                                      RT_DIALOG0x1dcaf80x514dataEnglishGreat Britain0.4276923076923077
                                                                      RT_DIALOG0x1dd00c0x248dataEnglishGreat Britain0.4674657534246575
                                                                      RT_DIALOG0x1dd2540x1dcdataEnglishGreat Britain0.5189075630252101
                                                                      RT_DIALOG0x1dd4300xfcdataEnglishGreat Britain0.6746031746031746
                                                                      RT_DIALOG0x1dd52c0x40dataEnglishGreat Britain0.875
                                                                      RT_DIALOG0x1dd56c0x334dataEnglishGreat Britain0.44390243902439025
                                                                      RT_STRING0x1dd8a00x66Matlab v4 mat-file (little endian) C, numeric, rows 0, columns 0EnglishGreat Britain0.5882352941176471
                                                                      RT_STRING0x1dd9080x3a0dataEnglishGreat Britain0.3426724137931034
                                                                      RT_STRING0x1ddca80x14edataEnglishGreat Britain0.45209580838323354
                                                                      RT_STRING0x1dddf80x112dataEnglishGreat Britain0.5656934306569343
                                                                      RT_STRING0x1ddf0c0x10edataEnglishGreat Britain0.5962962962962963
                                                                      RT_STRING0x1de01c0xbcdataEnglishGreat Britain0.6223404255319149
                                                                      RT_STRING0x1de0d80x10edataEnglishGreat Britain0.5296296296296297
                                                                      RT_STRING0x1de1e80x64Matlab v4 mat-file (little endian) W, numeric, rows 0, columns 0EnglishGreat Britain0.76
                                                                      RT_STRING0x1de24c0x8cdataEnglishGreat Britain0.5214285714285715
                                                                      RT_STRING0x1de2d80x90dataEnglishGreat Britain0.7013888888888888
                                                                      RT_STRING0x1de3680x3e6dataEnglishGreat Britain0.3897795591182365
                                                                      RT_STRING0x1de7500x200dataEnglishGreat Britain0.455078125
                                                                      RT_STRING0x1de9500xe4dataEnglishGreat Britain0.631578947368421
                                                                      RT_STRING0x1dea340x40dataEnglishGreat Britain0.65625
                                                                      RT_STRING0x1dea740xe2dataEnglishGreat Britain0.4911504424778761
                                                                      RT_STRING0x1deb580x30adataEnglishGreat Britain0.32005141388174807
                                                                      RT_STRING0x1dee640x4eMatlab v4 mat-file (little endian) %, numeric, rows 0, columns 0EnglishGreat Britain0.5641025641025641
                                                                      RT_STRING0x1deeb40x54dataEnglishGreat Britain0.75
                                                                      RT_STRING0x1def080x2cedataEnglishGreat Britain0.38997214484679665
                                                                      RT_STRING0x1df1d80x1cedataEnglishGreat Britain0.49783549783549785
                                                                      RT_STRING0x1df3a80x2dcdataEnglishGreat Britain0.43579234972677594
                                                                      RT_STRING0x1df6840x48adataEnglishGreat Britain0.33304647160068845
                                                                      RT_STRING0x1dfb100x466dataEnglishGreat Britain0.35790408525754885
                                                                      RT_STRING0x1dff780x45edataEnglishGreat Britain0.35778175313059035
                                                                      RT_STRING0x1e03d80xe8dataEnglishGreat Britain0.5775862068965517
                                                                      RT_STRING0x1e04c00x36edataEnglishGreat Britain0.36446469248291574
                                                                      RT_STRING0x1e08300x244dataEnglishGreat Britain0.41551724137931034
                                                                      RT_STRING0x1e0a740x30dataEnglishGreat Britain0.6666666666666666
                                                                      RT_STRING0x1e0aa40x84dataEnglishGreat Britain0.6060606060606061
                                                                      RT_STRING0x1e0b280x160dataEnglishGreat Britain0.5340909090909091
                                                                      RT_STRING0x1e0c880x1d4dataEnglishGreat Britain0.5042735042735043
                                                                      RT_STRING0x1e0e5c0xb0dataEnglishGreat Britain0.6704545454545454
                                                                      RT_STRING0x1e0f0c0x120dataEnglishGreat Britain0.5798611111111112
                                                                      RT_STRING0x1e102c0x8edataEnglishGreat Britain0.5915492957746479
                                                                      RT_STRING0x1e10bc0x240Matlab v4 mat-file (little endian) C, numeric, rows 0, columns 0EnglishGreat Britain0.4409722222222222
                                                                      RT_STRING0x1e12fc0x3e2dataEnglishGreat Britain0.3983903420523139
                                                                      RT_STRING0x1e16e00x390dataEnglishGreat Britain0.4144736842105263
                                                                      RT_STRING0x1e1a700x17edataEnglishGreat Britain0.5523560209424084
                                                                      RT_STRING0x1e1bf00x220dataEnglishGreat Britain0.43566176470588236
                                                                      RT_STRING0x1e1e100x134dataEnglishGreat Britain0.5162337662337663
                                                                      RT_STRING0x1e1f440x3badataEnglishGreat Britain0.4025157232704403
                                                                      RT_STRING0x1e23000x37edataEnglishGreat Britain0.3680089485458613
                                                                      RT_STRING0x1e26800x1cadataEnglishGreat Britain0.425764192139738
                                                                      RT_STRING0x1e284c0x24cdataEnglishGreat Britain0.4744897959183674
                                                                      RT_STRING0x1e2a980x7edataEnglishGreat Britain0.6111111111111112
                                                                      RT_STRING0x1e2b180x128dataEnglishGreat Britain0.46621621621621623
                                                                      RT_STRING0x1e2c400x162Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0EnglishGreat Britain0.4943502824858757
                                                                      RT_STRING0x1e2da40x3e8dataEnglishGreat Britain0.288
                                                                      RT_STRING0x1e318c0x322AmigaOS bitmap font "r", fc_YSize 29696, 16896 elements, 2nd "r", 3rd ""EnglishGreat Britain0.3640897755610973
                                                                      RT_STRING0x1e34b00xa8dataEnglishGreat Britain0.4880952380952381
                                                                      RT_STRING0x1e35580x1c8dataEnglishGreat Britain0.5263157894736842
                                                                      RT_STRING0x1e37200xfcdataEnglishGreat Britain0.623015873015873
                                                                      RT_STRING0x1e381c0x2b2dataEnglishGreat Britain0.463768115942029
                                                                      RT_STRING0x1e3ad00x7cdataEnglishGreat Britain0.717741935483871
                                                                      RT_STRING0x1e3b4c0x5edataEnglishGreat Britain0.6808510638297872
                                                                      RT_STRING0x1e3bac0x82dataEnglishGreat Britain0.7
                                                                      RT_STRING0x1e3c300x84dataEnglishGreat Britain0.7424242424242424
                                                                      RT_STRING0x1e3cb40x2c2dataEnglishGreat Britain0.41076487252124644
                                                                      RT_STRING0x1e3f780x178Matlab v4 mat-file (little endian) K, numeric, rows 0, columns 0EnglishGreat Britain0.5132978723404256
                                                                      RT_STRING0x1e40f00x2c8dataEnglishGreat Britain0.4705056179775281
                                                                      RT_STRING0x1e43b80xe2AmigaOS bitmap font "s", 16640 elements, 2nd, 3rdEnglishGreat Britain0.5265486725663717
                                                                      RT_STRING0x1e449c0x138Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0EnglishGreat Britain0.5
                                                                      RT_STRING0x1e45d40x46dataEnglishGreat Britain0.6857142857142857
                                                                      RT_STRING0x1e461c0xfcdataEnglishGreat Britain0.5634920634920635
                                                                      RT_STRING0x1e47180x416dataEnglishGreat Britain0.4435946462715105
                                                                      RT_STRING0x1e4b300x26dataEnglishGreat Britain0.42105263157894735
                                                                      RT_STRING0x1e4b580x192dataEnglishGreat Britain0.5149253731343284
                                                                      RT_STRING0x1e4cec0x126dataEnglishGreat Britain0.6020408163265306
                                                                      RT_STRING0x1e4e140x31edataEnglishGreat Britain0.41729323308270677
                                                                      RT_STRING0x1e51340x9aMatlab v4 mat-file (little endian) I, numeric, rows 0, columns 0EnglishGreat Britain0.6558441558441559
                                                                      RT_STRING0x1e51d00x5cdataEnglishGreat Britain0.7065217391304348
                                                                      RT_STRING0x1e522c0xaedataEnglishGreat Britain0.6551724137931034
                                                                      RT_STRING0x1e52dc0x6cdataEnglishGreat Britain0.6944444444444444
                                                                      RT_STRING0x1e53480x11cdataEnglishGreat Britain0.6126760563380281
                                                                      RT_STRING0x1e54640x238Targa image data 110 x 116 x 32 +99 +101EnglishGreat Britain0.5017605633802817
                                                                      RT_STRING0x1e569c0x16adataEnglishGreat Britain0.5497237569060773
                                                                      RT_STRING0x1e58080x19cdataEnglishGreat Britain0.5
                                                                      RT_STRING0x1e59a40x5cdataEnglishGreat Britain0.6413043478260869
                                                                      RT_STRING0x1e5a000x6a0dataEnglishGreat Britain0.35200471698113206
                                                                      RT_STRING0x1e60a00x5cdataEnglishGreat Britain0.7065217391304348
                                                                      RT_STRING0x1e60fc0x1e8dataEnglishGreat Britain0.514344262295082
                                                                      RT_STRING0x1e62e40x58dataEnglishGreat Britain0.6931818181818182
                                                                      RT_STRING0x1e633c0x1e0dataEnglishGreat Britain0.4666666666666667
                                                                      RT_STRING0x1e651c0x22adataEnglishGreat Britain0.37906137184115524
                                                                      RT_STRING0x1e67480x672Matlab v4 mat-file (little endian) T, numeric, rows 0, columns 0EnglishGreat Britain0.18424242424242424
                                                                      RT_STRING0x1e6dbc0xdb8dataEnglishGreat Britain0.10763097949886105
                                                                      RT_STRING0x1e7b740x108dataEnglishGreat Britain0.375
                                                                      RT_STRING0x1e7c7c0x14adataEnglishGreat Britain0.5878787878787879
                                                                      RT_STRING0x1e7dc80x276dataEnglishGreat Britain0.4365079365079365
                                                                      RT_STRING0x1e80400x186dataEnglishGreat Britain0.517948717948718
                                                                      RT_STRING0x1e81c80x3c6dataEnglishGreat Britain0.40372670807453415
                                                                      RT_STRING0x1e85900x4edataEnglishGreat Britain0.6538461538461539
                                                                      RT_ACCELERATOR0x1e85e00x70dataEnglishGreat Britain0.6785714285714286
                                                                      RT_GROUP_ICON0x1e86500x76dataEnglishUnited States0.7372881355932204
                                                                      RT_VERSION0x1e86c80x34cdataEnglishUnited States0.44549763033175355
                                                                      RT_DLGINCLUDE0x1e8a140x6dc36PC bitmap, Windows 3.x format, 56534 x 2 x 38, image size 450381, cbSize 449590, bits offset 540.6975666718565804
                                                                      RT_ANIICON0x25664c0xe5c7PC bitmap, Windows 3.x format, 7784 x 2 x 54, image size 59484, cbSize 58823, bits offset 540.3808714278428506
                                                                      RT_ANIICON0x264c140xac08PC bitmap, Windows 3.x format, 5601 x 2 x 40, image size 44701, cbSize 44040, bits offset 540.3312897366030881
                                                                      RT_ANIICON0x26f81c0xbec9PC bitmap, Windows 3.x format, 6406 x 2 x 36, image size 49652, cbSize 48841, bits offset 540.3488872054216744
                                                                      RT_ANIICON0x27b6e80x35181PC bitmap, Windows 3.x format, 27629 x 2 x 45, image size 218300, cbSize 217473, bits offset 540.47169993516436526
                                                                      RT_ANIICON0x2b086c0x307efPC bitmap, Windows 3.x format, 25093 x 2 x 48, image size 198787, cbSize 198639, bits offset 540.4645412028856368
                                                                      RT_MANIFEST0x2e105c0x365XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (809), with CRLF line terminatorsEnglishUnited States0.4844649021864212

                                                                      Imports

                                                                      DLLImport
                                                                      KERNEL32.dllWideCharToMultiByte, CopyFileW, FreeLibrary, GetExitCodeProcess, QueryPerformanceFrequency, GetProcAddress, CloseHandle, DeleteFileW, MultiByteToWideChar, SetFileAttributesW, OpenProcess, WaitForSingleObject, FindClose, GetTempPathW, GetModuleFileNameW, GetCurrentProcess, FindNextFileW, FindFirstFileW, DeleteCriticalSection, DecodePointer, InitializeCriticalSectionEx, GetProcessHeap, HeapAlloc, CreateThread, ResumeThread, Sleep, HeapFree, VerifyVersionInfoW, SetEndOfFile, WriteConsoleW, SetStdHandle, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetOEMCP, GetACP, IsValidCodePage, FindFirstFileExW, ReadConsoleW, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, LCMapStringW, CompareStringW, GetConsoleMode, GetConsoleOutputCP, SetFilePointerEx, GetFileType, GetCommandLineW, GetCommandLineA, GetModuleHandleExW, ExitProcess, GetStdHandle, GetTimeZoneInformation, LoadLibraryExW, TlsFree, GetLastError, TlsSetValue, TlsGetValue, TlsAlloc, InterlockedPushEntrySList, GetFileSizeEx, CreateFileW, SetLastError, TerminateProcess, HeapSize, CreateToolhelp32Snapshot, CreateEventW, ProcessIdToSessionId, Process32NextW, SetEvent, GlobalAlloc, Process32FirstW, GlobalFree, HeapReAlloc, ResetEvent, LocalFree, GetCurrentProcessId, GetModuleHandleW, lstrcmpiW, lstrcmpW, ReadFile, EnterCriticalSection, WriteFile, CreateNamedPipeW, LeaveCriticalSection, InitializeCriticalSection, ConnectNamedPipe, SetFilePointer, GetCurrentThreadId, LocalAlloc, GetFileAttributesW, MoveFileExW, FlushFileBuffers, GetFileInformationByHandle, GetUserDefaultLangID, FileTimeToSystemTime, GetLocalTime, GetTimeFormatW, SystemTimeToFileTime, GetDateFormatW, CreateMutexW, ReleaseMutex, OpenMutexW, GetVersionExW, GetUserDefaultUILanguage, GetStringTypeW, EncodePointer, LCMapStringEx, GetCPInfo, InitializeCriticalSectionAndSpinCount, WaitForSingleObjectEx, InitializeSListHead, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, QueryPerformanceCounter, GetSystemTimeAsFileTime, IsDebuggerPresent, GetStartupInfoW, OutputDebugStringW, RaiseException, RtlUnwind, VerSetConditionMask
                                                                      ADVAPI32.dllCryptGenRandom, GetTokenInformation, DuplicateTokenEx, CreateProcessAsUserW, FreeSid, AllocateAndInitializeSid, EqualSid, RegQueryValueExW, RegOpenKeyExW, RegCloseKey, OpenProcessToken, StartServiceCtrlDispatcherW, CryptReleaseContext, CryptAcquireContextA, RegisterServiceCtrlHandlerW, SetServiceStatus
                                                                      SHELL32.dllSHCreateDirectoryExW, SHGetSpecialFolderPathW
                                                                      ole32.dllStringFromGUID2, CoInitialize, CoUninitialize, CoCreateGuid
                                                                      OLEAUT32.dllVariantClear
                                                                      WTSAPI32.dllWTSQueryUserToken, WTSEnumerateSessionsW, WTSFreeMemory
                                                                      USERENV.dllDestroyEnvironmentBlock, CreateEnvironmentBlock
                                                                      VERSION.dllGetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
                                                                      SHLWAPI.dllPathRemoveFileSpecW, PathFileExistsW, PathIsDirectoryW, PathRenameExtensionW, PathAppendW, PathFindFileNameW, PathRemoveExtensionW, PathAddExtensionW, PathIsFileSpecW
                                                                      CRYPT32.dllCertGetNameStringW
                                                                      WINTRUST.dllWinVerifyTrust, WTHelperGetProvCertFromChain, WTHelperProvDataFromStateData, WTHelperGetProvSignerFromChain

                                                                      Possible Origin

                                                                      Language of compilation systemCountry where language is spokenMap
                                                                      EnglishGreat Britain
                                                                      EnglishCanada
                                                                      EnglishUnited States

                                                                      Network Behavior

                                                                      Suricata IDS Alerts

                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                      2024-12-20T16:22:36.528593+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert1104.161.43.182845192.168.2.549727TCP

                                                                      Network Port Distribution

                                                                      TCP Packets

                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                      Dec 20, 2024 16:22:34.929923058 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:35.049660921 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:35.049767971 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:35.049942017 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:35.170481920 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:36.276555061 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:36.349900007 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:36.409018040 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:36.528593063 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:36.784960985 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:36.793662071 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:36.913423061 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.192173004 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.192193985 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.192207098 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.192219019 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.192229986 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.192240953 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.192255020 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.192378044 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.192477942 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.196018934 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.196361065 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.196438074 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.200361967 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.204349041 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.204394102 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.204427004 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.204461098 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.313241005 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.365550041 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.383959055 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.384013891 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.384094000 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.387789965 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.387882948 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.387954950 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.395256042 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.398072958 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.398132086 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.398216963 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.405782938 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.406280041 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.406351089 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.413496017 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.413552046 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.414376020 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.421278000 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.421541929 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.421647072 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.429294109 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.429331064 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.429363966 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.436805010 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.436856985 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.437637091 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.444569111 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.444642067 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.445087910 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.452286005 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.452368975 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.452527046 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.460053921 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.460089922 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.460124969 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.485274076 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.485392094 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.575936079 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.576154947 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.576204062 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.578272104 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.578547955 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.578588009 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.586340904 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.586395979 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.586443901 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.593595028 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.594527006 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.594571114 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.601434946 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.601474047 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.601521015 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.609179020 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.609270096 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.609364033 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.616947889 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.617285967 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.617328882 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.624630928 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.624929905 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.624978065 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.629692078 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.629852057 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.629961967 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.634780884 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.635304928 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.635350943 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.639769077 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.640146971 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.640192032 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.644870043 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.644999981 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.645046949 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.649938107 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.650320053 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.650377035 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.654867887 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.655030966 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.655078888 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.660036087 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.660130978 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.660178900 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.665087938 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.666663885 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.666699886 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.669945002 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.670356035 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.670407057 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.675271034 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.675579071 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.675631046 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.680246115 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.680293083 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.680346966 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.685309887 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.685324907 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.685432911 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.695804119 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.696144104 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.696192026 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.698385000 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.698523998 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.698573112 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.703536034 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.703706980 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.703754902 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.708632946 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.709139109 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.709252119 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.713465929 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.756119967 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.769526958 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.769649029 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.769773960 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.771879911 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.772732019 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.772772074 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.776516914 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.776659012 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.776700974 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.781356096 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.781793118 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.781847000 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.785617113 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.785851002 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.785897017 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.789992094 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.790239096 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.790285110 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.793941975 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.794164896 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.794218063 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.798171043 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.798264980 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.798315048 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.802009106 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.802104950 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.802151918 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.805974007 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.806194067 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.806241989 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.809463024 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.810425997 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.810470104 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.813076019 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.813683987 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.813729048 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.816663027 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.816939116 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.816983938 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.820245028 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.820605993 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.820661068 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.823787928 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.823802948 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.823857069 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.825948954 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.826492071 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.826586962 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.827778101 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.828178883 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.828227043 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.829816103 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.830039024 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.830105066 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.831868887 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.832029104 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.832071066 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.834002018 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.836136103 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.836149931 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.836162090 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.836183071 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.836198092 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.838161945 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.839561939 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.839653015 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.840142965 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.840359926 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.840706110 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.842154026 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.842403889 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.842447042 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.844489098 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.844501972 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.844544888 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.846405983 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.846425056 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.846646070 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.848298073 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.848310947 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.848350048 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.850421906 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.850493908 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.850593090 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.852408886 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.852616072 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.852660894 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.854418993 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.854538918 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.854625940 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.856414080 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.856493950 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.856538057 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.858453035 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.858772039 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.858830929 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.860604048 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.860677004 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.860759974 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.863018990 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.863347054 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.863399982 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.865164995 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.865179062 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.865232944 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.866652966 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.868063927 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.868108034 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.869123936 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.869272947 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.869309902 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.870754004 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.871196032 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.872837067 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.872920036 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.873475075 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.874604940 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.874891043 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.875300884 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.875353098 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.876925945 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.877171040 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.878191948 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.878922939 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.928005934 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.960316896 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.960335970 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.960408926 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.961302996 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.961833000 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.961877108 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.963270903 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.964065075 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.964109898 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.964483976 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.966053009 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.966098070 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.966255903 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.967956066 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.967997074 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.968090057 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.969914913 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.969960928 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.970114946 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.971771002 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.971811056 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.971831083 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.973645926 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.973690987 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.973752022 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.975296974 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.975421906 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.975538969 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.978318930 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.978331089 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.978365898 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.978756905 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.978799105 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.979180098 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.980362892 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.980427980 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.980540991 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.982161999 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.982208967 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.982275963 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.983670950 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.983683109 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.983747959 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.985289097 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.985352039 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.985368967 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.986841917 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.986886978 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.987406969 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.988554001 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.988596916 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.988725901 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.989907026 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.989953995 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.990555048 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.992237091 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.992249966 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.992285967 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.992961884 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.993010044 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.993160963 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.994580984 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.994622946 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.994645119 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.996073961 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.996114969 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.996202946 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.997512102 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.997541904 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.997565985 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.998934984 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:37.998974085 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:37.999012947 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.000431061 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.000473976 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.000623941 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.001843929 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.001899004 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.002017021 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.003273010 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.003356934 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.003392935 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.004641056 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.004686117 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.004818916 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.006130934 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.006268024 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.006381989 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.007642031 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.007703066 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.007951975 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.009035110 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.009087086 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.009166956 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.010426044 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.010440111 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.010479927 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.011809111 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.011851072 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.012234926 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.013209105 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.013267040 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.013561964 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.014604092 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.014704943 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.014934063 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.016068935 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.016129017 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.016242981 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.017457008 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.017505884 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.017779112 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.018925905 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.018965960 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.019098997 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.020329952 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.020368099 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.021635056 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.021821022 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.021832943 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.021928072 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.023161888 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.023207903 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.023516893 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.024632931 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.024673939 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.024970055 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.026124001 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.026195049 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.026309013 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.027451992 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.027498007 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.027504921 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.028930902 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.028995037 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.029143095 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.030271053 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.030323982 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.030626059 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.031841993 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.031886101 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.031887054 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.033262968 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.033356905 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.033787012 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.034555912 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.034595966 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.034671068 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.036032915 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.036097050 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.036176920 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.037432909 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.037478924 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.037714958 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.038803101 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.038846016 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.039005995 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.040221930 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.040267944 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.153009892 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.153125048 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.153172970 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.153614044 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.153934002 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.153976917 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.154912949 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.155055046 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.155143023 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.155862093 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.156222105 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.156267881 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.157027960 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.157183886 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.157238007 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.158128977 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.158293009 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.158334017 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.159281015 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.159357071 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.159396887 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.160336971 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.160453081 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.160492897 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.161485910 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.161669016 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.161748886 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.162503958 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.162839890 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.163014889 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.163702011 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.163713932 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.163760900 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.164675951 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.165076971 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.165124893 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.165729046 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.165821075 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.165864944 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.166799068 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.167198896 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.167242050 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.168049097 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.169097900 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.169146061 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.169229031 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.169240952 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.169281006 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.170017958 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.170108080 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.170207977 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.171113968 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.171945095 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.171994925 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.172187090 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.172199011 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.172264099 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.173228025 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.173535109 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.173583984 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.174277067 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.174407959 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.174451113 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.175394058 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.175533056 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.175757885 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.176423073 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.176573992 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.176767111 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.177512884 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.177769899 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.177835941 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.178776979 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.178999901 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.179040909 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.180157900 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.180274963 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.180341959 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.181368113 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.181469917 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.182360888 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.182391882 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.182594061 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.182804108 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.183258057 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.183367014 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.183482885 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.184222937 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.184369087 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.184488058 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.185118914 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.185209036 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.185296059 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.186079025 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.186182022 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.186316013 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.187091112 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.187535048 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.187587976 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.188174009 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.188828945 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.188905954 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.189254999 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.189390898 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.189433098 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.190356016 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.190496922 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.190536022 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.191382885 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.191813946 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.191862106 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.192456961 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.192544937 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.192881107 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.193519115 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.193814993 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.194101095 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.194587946 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.195174932 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.195224047 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.195657969 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.195669889 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.195727110 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.196733952 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.197040081 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.197082043 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.197809935 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.198000908 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.198060989 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.198885918 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.199074030 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.199229002 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.199927092 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.200205088 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.201004982 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.201056004 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.201258898 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.202044964 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.202092886 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.202120066 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.202780962 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.203146935 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.203257084 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.203300953 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.204221010 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.204539061 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.204586029 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.205270052 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.205594063 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.205641985 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.206361055 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.206957102 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.207005978 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.207577944 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.208059072 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.208234072 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.208491087 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.208745956 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.208790064 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.209518909 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.256139040 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.345535994 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.345673084 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.345719099 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.346002102 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.346015930 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.346065998 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.346716881 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.347383976 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.347434044 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.347768068 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.348005056 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.348050117 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.348844051 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.349226952 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.349286079 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.349976063 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.350363970 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.350420952 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.351110935 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.351136923 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.351203918 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.352066994 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.352195978 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.352540016 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.353118896 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.353319883 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.353414059 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.354204893 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.354444981 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.354609013 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.355232954 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.355676889 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.355966091 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.356354952 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.356671095 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.356724024 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.357398987 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.357558012 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.357682943 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.358474970 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.358606100 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.358661890 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.359505892 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.359607935 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.359989882 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.360625029 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.362250090 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.362262964 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.362341881 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.362360954 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.362565041 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.362735987 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.362927914 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.362970114 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.363809109 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.364020109 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.364177942 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.364881039 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.365080118 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.365142107 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.365992069 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.366175890 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.366278887 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.367157936 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.367331982 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.367388010 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.368627071 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.368884087 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.368932009 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.369338036 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.369463921 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.369791031 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.370240927 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.370318890 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.370366096 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.371263981 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.371402979 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.371457100 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.372476101 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.372792006 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.372840881 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.373437881 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.373634100 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.373691082 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.374524117 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.374810934 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.374855042 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.375614882 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.376202106 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.376622915 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.376683950 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.376832008 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.376878977 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.377707958 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.378640890 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.378695011 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.378881931 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.378900051 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.379098892 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.380074024 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.380187988 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.380253077 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.381189108 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.381244898 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.381284952 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.382096052 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.382219076 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.382250071 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.383059025 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.383268118 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.383310080 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.384114027 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.384346008 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.384484053 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.385257006 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.385368109 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.385524988 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.386265993 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.386504889 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.386548996 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.387319088 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.387691975 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.387794018 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.388370991 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.389257908 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.389316082 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.389457941 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.389938116 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.390305996 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.390626907 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.390856028 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.390918970 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.391582012 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.392347097 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.392560005 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.392704964 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.392716885 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.392755985 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.393754959 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.394445896 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.394499063 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.394856930 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.395178080 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.395339012 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.395982027 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.395992994 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.396028996 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.397008896 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.397232056 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.397279024 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.398061991 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.398075104 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.398119926 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.399097919 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.399529934 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.399653912 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.400118113 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.400548935 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.400716066 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.401257038 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.443622112 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.538285971 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.538312912 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.538408041 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.538589001 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.538949013 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.539151907 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.539644003 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.539853096 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.540601969 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.540712118 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.541425943 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.541477919 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.541774988 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.542280912 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.542402029 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.542865038 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.542876959 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.542913914 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.543914080 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.544053078 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.544394970 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.545027018 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.545156002 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.545870066 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.546097994 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.546309948 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.546399117 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.547132969 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.547308922 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.547367096 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.548181057 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.549273014 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.549284935 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.549329996 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.549592018 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.550266981 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.550324917 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.550414085 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.550461054 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.551364899 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.551702976 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.551749945 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.552469015 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.552623034 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.552702904 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.553530931 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.553719044 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.553771973 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.554641008 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.554796934 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.554838896 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.555685997 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.555869102 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.555933952 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.556721926 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.556835890 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.556874990 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.557801008 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.557895899 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.557944059 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.558914900 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.559050083 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.559092999 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.559999943 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.560133934 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.561007977 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.561064005 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.562088966 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.562102079 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.562256098 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.562308073 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.563168049 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.563474894 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.564335108 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.564397097 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.564927101 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.565506935 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.566108942 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.566580057 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.566600084 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.566622019 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.566781998 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.566878080 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.567451000 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.567658901 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.567771912 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.568481922 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.568584919 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.568936110 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.569547892 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.569833040 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.569916010 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.570671082 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.570801973 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.571068048 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.571706057 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.571832895 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.572014093 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.572822094 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.572936058 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.573033094 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.573870897 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.574055910 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.574103117 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.574935913 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.575452089 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.575496912 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.575961113 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.576107979 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.576152086 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.577255964 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.577521086 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.577754974 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.578164101 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.578372002 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.578455925 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.579209089 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.579327106 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.579385996 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.580243111 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.580332041 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.580378056 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.581367016 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.581770897 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.582406998 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.582556009 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.582580090 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.582603931 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.583451986 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.583611965 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.583662033 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.584520102 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.584620953 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.584690094 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.585659027 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.585781097 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.585827112 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.586657047 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.586770058 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.586821079 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.587727070 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.587917089 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.587964058 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.588901043 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.589056015 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.589101076 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.589920044 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.590228081 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.590626001 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.590919971 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.591150999 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.591259003 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.591990948 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.592741966 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.592814922 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.593034983 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.593445063 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.593487024 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.594072104 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.646768093 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.730993986 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.731197119 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.731307030 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.731462955 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.731574059 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.731946945 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.732568026 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.732723951 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.732873917 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.733768940 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.733818054 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.733870983 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.735049009 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.735332012 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.735377073 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.736176014 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.736361027 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.736407042 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.737375975 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.737993956 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.738118887 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.738477945 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.738593102 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.738713980 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.739797115 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.740444899 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.740505934 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.740571022 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.740585089 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.740746021 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.741550922 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.741759062 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.742105007 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.742641926 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.742901087 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.742976904 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.743603945 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.743786097 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.743870020 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.744688034 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.744714975 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.744839907 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.745724916 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.745798111 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.746058941 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.746654987 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.746774912 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.747143984 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.747615099 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.747697115 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.748384953 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.748615980 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.748814106 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.749011993 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.749844074 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.749856949 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.749907017 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.750969887 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.751132011 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.751214027 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.752047062 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.752166986 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.752216101 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.753115892 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.753437042 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.753493071 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.754180908 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.754612923 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.754724026 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.755229950 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.755436897 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.755995035 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.756201029 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.756278992 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.756485939 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.757241011 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.757314920 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.758233070 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.758285999 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.758392096 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.758449078 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.759231091 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.759360075 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.759397984 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.760309935 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.760718107 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.760771990 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.761428118 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.761598110 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.761652946 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.762518883 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.762702942 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.762763977 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.763618946 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.763816118 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.763859034 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.764734030 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.765995026 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.766006947 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.766057968 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.766161919 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.766428947 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.767102957 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.767630100 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.767679930 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.767996073 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.768120050 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.768448114 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.768897057 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.769197941 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.769237041 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.769999981 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.770361900 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.770426035 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.771065950 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.771079063 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.771142006 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.772075891 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.772340059 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.772499084 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.773164034 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.773344040 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.773386955 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.774435997 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.774621010 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.774807930 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.775302887 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.775398970 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.775634050 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.776356936 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.776500940 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.776593924 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.777412891 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.777698994 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.777736902 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.779001951 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.779217005 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.779520035 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.779557943 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.779690981 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.779850960 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.780638933 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.781075954 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.781125069 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.781728029 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.781954050 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.782048941 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.782784939 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.782918930 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.782965899 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.783866882 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.783957958 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.784476995 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.785001040 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.785231113 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.785275936 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.785959959 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.786206007 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.786261082 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.786983967 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.834259033 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.923265934 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.923300982 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.923377037 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.923682928 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.923849106 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.923926115 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.923950911 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.924948931 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.924999952 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.925405979 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.926001072 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.926105976 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.926204920 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.927114010 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.927167892 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.927581072 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.930150032 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.930213928 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.930217028 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.930227041 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.930277109 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.930577993 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.930613995 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.930625916 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.930666924 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.931369066 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.931670904 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.931721926 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.932359934 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.932415009 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.932626963 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.933459044 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.933618069 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.933743954 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.934555054 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.934603930 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.934701920 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.935641050 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.935683966 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.935897112 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.936758041 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.936824083 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.936945915 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.937752008 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.937908888 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.938043118 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.938842058 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.938852072 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.938920021 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.939850092 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.939960957 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.940016031 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.940942049 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.940992117 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.941051960 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.942008018 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.942054987 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.942138910 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.943130016 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.943296909 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.943526030 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.944165945 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.944210052 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.944340944 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.945242882 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.945293903 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.945585012 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.946490049 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.946501970 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.946547031 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.947410107 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.947546959 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.947614908 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.948441029 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.948574066 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.948683977 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.949486971 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.949579000 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.950269938 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.950622082 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.950700998 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.951690912 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.951703072 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.951786041 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.951963902 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.952815056 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.952858925 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.953846931 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.953857899 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.953912020 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.953937054 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.954832077 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.954989910 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.955158949 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.955936909 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.956016064 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.956078053 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.956952095 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.956995010 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.957082987 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.958064079 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.958112955 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.958137035 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.959173918 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.959261894 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.959587097 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.960165024 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.960217953 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.960294008 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.961328030 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.961391926 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.961456060 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.962343931 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.962400913 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.962450027 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.963452101 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.963609934 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.963654041 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.964530945 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.964627028 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.964670897 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.965578079 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.965631008 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.965889931 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.966766119 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.966825008 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.966847897 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.967951059 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.968008995 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.968244076 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.968975067 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.969032049 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.969202995 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.969904900 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.970346928 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.970398903 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.970860004 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.971498013 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.971963882 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.971976042 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.972023964 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.972095013 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.973052025 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.973063946 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.973099947 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.974112988 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.974124908 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.974194050 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.975192070 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.975321054 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.975342989 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.976228952 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.976278067 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.976449013 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.977291107 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.977334023 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.977415085 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.978372097 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:38.978425980 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:38.978832960 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.021759033 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.116379976 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.116393089 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.116449118 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.117311954 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.117393970 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.117439985 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.117569923 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.117583036 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.117959023 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.119081020 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.119092941 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.119159937 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.119668961 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.119679928 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.119723082 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.120141029 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.121233940 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.121246099 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.121280909 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.121366024 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.121457100 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.122416973 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.122431040 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.122493029 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.124131918 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.124188900 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.124428988 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.125523090 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.125535011 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.125545979 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.125610113 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.127005100 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.127016068 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.127022982 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.127058029 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.127084017 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.127676964 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.127789021 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.127917051 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.128748894 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.129903078 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.129920006 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.129949093 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.131279945 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.131294012 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.131305933 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.131351948 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.132031918 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.132190943 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.132304907 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.132991076 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.133605957 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.133651018 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.134197950 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.134428978 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.134623051 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.135101080 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.135363102 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.135459900 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.136208057 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.136420012 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.136456966 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.137370110 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.137439966 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.137614012 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.138520956 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.138533115 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.138612032 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.139518976 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.139693975 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.139792919 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.140531063 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.140639067 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.140825033 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.141520023 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.141612053 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.142108917 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.142637014 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.143027067 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.143084049 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.143641949 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.144011974 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.144057035 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.144767046 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.144889116 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.145169973 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.145849943 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.145862103 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.145899057 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.147003889 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.147016048 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.147052050 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.147968054 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.148812056 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.148941994 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.149019957 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.149033070 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.149070978 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.150093079 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.150851011 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.151251078 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.151262999 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.151299953 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.152266026 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.153328896 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.153342962 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.153378963 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.153870106 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.153997898 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.154356956 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.154577971 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.154699087 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.156100035 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.156111956 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.156155109 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.156682968 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.157432079 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.157649994 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.157699108 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.157711983 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.157759905 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.158689976 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.159034967 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.159086943 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.159841061 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.159859896 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.159897089 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.160789013 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.161026955 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.161062956 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.161847115 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.162240982 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.162298918 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.162893057 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.163053989 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.163086891 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.163995028 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.164108992 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.164213896 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.165148973 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.165330887 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.165399075 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.166079044 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.166227102 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.166297913 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.167175055 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.167989969 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.168034077 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.168292046 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.168303967 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.168390989 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.169332981 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.169507027 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.169543982 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.170370102 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.170567036 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.170689106 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.171479940 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.224905968 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.308068991 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.308166981 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.308418989 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.308476925 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.308701992 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.308834076 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.308921099 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.309824944 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.309994936 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.310273886 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.311058044 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.311224937 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.311249971 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.312093019 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.312232971 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.312254906 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.313394070 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.313518047 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.313786983 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.314526081 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.314574957 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.314868927 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.315754890 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.315802097 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.315824986 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.316813946 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.316857100 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.317101002 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.317775965 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.317913055 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.318088055 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.318898916 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.319041014 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.319092035 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.319910049 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.319956064 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.319988966 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.320772886 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.320847034 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.320914984 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.321724892 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.321787119 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.321858883 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.322740078 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.323056936 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.323079109 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.323721886 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.323801041 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.323864937 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.324688911 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.324748993 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.325206041 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.326143026 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.326203108 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.326474905 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.327243090 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.327307940 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.328264952 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.328278065 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.328355074 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.328406096 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.329137087 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.329421043 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.329492092 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.330039024 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.330095053 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.330111980 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.331135988 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.331185102 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.331337929 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.332185984 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.332333088 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.332478046 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.333333015 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.333399057 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.333467960 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.334373951 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.334431887 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.334595919 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.335838079 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.335894108 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.336030006 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.336795092 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.336834908 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.336858034 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.337836027 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.337960005 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.338426113 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.339071035 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.339123011 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.339164972 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.339981079 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.340033054 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.340264082 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.341058969 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.341207027 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.341608047 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.342071056 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.342123032 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.342237949 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.342978001 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.343082905 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.343146086 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.344075918 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.344125032 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.344438076 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.345046997 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.345144987 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.345210075 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.346076012 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.346137047 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.346147060 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.347167969 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.347491980 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.347491980 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.348202944 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.348267078 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.348344088 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.349378109 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.349487066 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.349512100 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.350322008 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.350476980 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.350568056 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.351421118 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.351536989 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.351557970 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.351727962 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.352504969 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.352595091 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.352643013 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.353667021 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.353786945 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.353848934 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.354679108 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.354691029 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.354803085 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.355674982 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.355712891 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.355957031 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.356736898 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.356779099 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.357125044 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.357877016 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.357933044 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.357958078 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.358870983 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.358918905 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.359250069 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.359939098 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.359987974 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.360246897 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.360321999 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.361048937 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.361092091 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.361140966 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.362107038 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.362157106 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.362358093 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.363154888 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.363249063 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.363877058 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.412389040 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.501782894 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.501801968 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.501863003 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.502255917 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.502270937 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.502305984 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.503309965 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.503928900 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.503979921 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.504328966 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.504508972 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.504547119 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.505542040 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.505923033 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.505980968 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.506603956 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.507601023 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.507674932 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.507687092 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.507702112 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.507795095 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.508635998 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.508920908 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.508965969 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.509754896 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.510025024 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.510153055 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.510862112 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.510875940 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.510924101 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.512156010 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.513062954 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.513106108 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.513159037 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.513170958 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.513231039 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.514194965 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.514580965 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.514626026 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.515074968 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.515177011 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.515274048 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.516071081 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.516210079 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.516680002 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.517118931 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.517227888 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.517271996 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.518239975 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.518307924 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.518506050 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.696876049 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.696966887 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.697129011 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.697460890 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.697474003 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.697508097 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.698594093 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.698833942 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.698865891 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.699601889 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.699615002 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.699654102 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.700608969 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.700733900 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.700767040 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.701924086 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.702172041 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.702204943 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.702769995 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.702941895 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.703092098 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.703880072 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.703972101 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.704013109 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.704885006 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.705167055 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.705990076 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.706001997 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.706028938 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.706058979 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.707041979 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.707250118 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.707288027 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.708118916 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.708834887 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.708875895 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.709150076 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.710063934 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.710124969 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.710285902 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.710298061 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.710350037 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.711368084 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.712162971 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.712219954 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.712354898 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.712492943 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.712615013 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.713480949 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.713551998 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.714091063 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.714524984 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.714639902 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.714704037 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.715610027 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.715971947 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.716013908 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.716649055 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.716778040 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.716823101 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.717711926 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.717892885 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.717940092 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.718848944 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.718969107 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.719003916 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.719837904 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.720057011 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.720102072 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.720956087 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.721344948 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.721389055 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.722054005 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.722124100 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.722156048 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.723047972 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.723247051 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.723330021 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.724184990 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.724354029 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.724417925 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.725200891 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.725322008 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.725456953 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.726285934 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.726478100 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.726653099 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.727401018 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.727452040 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.727495909 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.728374004 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.728733063 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.728779078 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.729458094 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.730305910 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.730376005 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.730552912 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.730566025 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.730602026 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.731667042 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.731681108 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.731715918 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.732671022 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.733030081 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.733073950 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.733733892 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.734050035 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.734095097 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.734821081 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.735023975 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.735095024 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.735862970 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.737001896 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.737019062 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.737047911 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.737117052 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.737155914 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.738100052 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.738507986 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.738573074 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.739089012 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.739304066 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.739483118 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.740142107 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.740547895 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.740591049 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.741209030 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.741436958 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.741689920 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.742346048 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.742472887 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.742841959 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.743386984 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.743488073 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.743526936 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.744417906 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.744724989 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.744771957 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.745501995 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.745944023 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.745985031 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.746608019 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.746839046 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.746881962 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.747647047 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.747896910 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.747942924 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.748713017 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.749006033 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.749047995 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.749772072 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.749883890 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.750051022 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.750811100 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.750957012 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.751208067 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.751966953 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.752186060 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.752233982 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.752952099 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.803009033 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.889118910 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.889153004 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.889242887 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.889539957 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.889559031 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.889604092 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.890527010 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.890655994 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.891377926 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.891839981 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.892111063 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.892896891 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.892913103 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.892950058 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.892983913 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.893757105 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.893940926 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.893987894 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.894798994 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.894912958 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.894964933 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.895848989 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.895944118 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.895993948 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.896928072 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.897206068 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.897264957 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.898104906 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.898123026 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.898166895 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.899132967 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.899789095 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.900168896 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.900219917 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.901252031 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.901268959 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.901307106 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.901546955 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.901591063 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.902537107 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.902558088 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.902602911 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.903403044 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.903484106 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.903542042 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.904436111 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.905595064 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.905610085 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.905648947 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.905739069 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.905781031 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.906629086 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.906801939 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.906845093 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.907655954 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.908186913 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.908233881 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.908687115 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.909126043 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.909173012 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.909780025 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.910892010 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.910904884 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.910950899 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.911678076 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.911875963 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.911927938 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.913080931 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.913093090 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.913146019 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.913590908 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.913641930 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.914077044 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.914088964 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.914134979 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.915142059 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.915779114 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.916174889 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.916233063 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.916847944 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.917267084 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.917326927 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.917619944 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.918325901 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.918378115 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.919456005 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.919467926 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.919521093 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.919584036 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.919622898 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.920552015 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.920713902 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.920761108 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.921546936 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.921757936 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.921799898 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.922632933 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.922725916 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.923679113 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.923722982 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.923893929 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.924767017 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.924815893 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.924835920 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.924868107 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.925779104 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.925862074 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.925911903 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.926866055 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.927320957 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.927974939 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.928024054 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.928641081 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.929008007 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.929047108 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.929188013 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.930120945 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.930166960 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.930233002 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.931231022 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.931271076 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.931348085 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.931385994 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.932286024 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.932591915 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.933294058 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.933337927 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.933588982 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.934367895 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.934422970 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.934499025 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.934583902 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.935436964 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.935718060 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.936466932 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.936521053 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.936553001 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.937597990 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.937644958 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.937798977 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.938644886 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.938700914 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.939409018 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.939457893 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.939706087 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.939719915 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.939764023 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.940787077 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.941543102 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.941596031 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.941919088 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.941935062 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.941982031 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.942881107 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.943038940 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.943089008 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.943702936 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.943754911 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.943974972 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.944093943 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.944137096 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:39.944992065 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:39.990533113 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.081330061 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.081636906 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.081749916 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.081795931 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.081809044 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.081850052 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.082798004 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.083211899 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.083256006 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.083376884 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.084292889 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.084415913 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.084458113 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.085350037 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.085406065 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.085443974 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.086400032 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.086447001 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.086525917 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.087527037 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.087635994 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.087681055 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.088530064 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.088951111 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.089076042 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.089606047 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.089641094 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.089768887 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.090667963 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.090995073 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.091031075 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.091808081 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.092077017 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.092122078 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.093148947 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.093190908 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.093291044 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.094158888 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.094197989 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.094394922 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.095263004 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.095561981 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.095612049 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.096307993 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.096441984 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.096493959 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.097264051 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.097302914 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.097579002 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.098207951 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.098253965 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.098335981 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.099277020 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.099416018 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.099461079 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.100300074 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.100349903 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.100398064 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.101377964 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.101424932 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.101542950 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.102499962 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.102565050 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.103009939 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.103534937 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.103785992 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.103835106 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.104712009 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.104777098 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.104831934 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.105628967 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.105674982 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.106147051 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.106842041 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.107119083 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.107166052 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.107785940 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.107883930 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.107927084 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.108896017 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.109698057 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.109744072 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.109993935 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.110035896 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.110109091 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.111166000 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.111282110 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.111323118 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.112309933 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.112519026 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.112557888 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.113360882 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.113408089 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.113539934 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.114223003 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.114264965 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.114804029 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.115284920 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.115298033 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.115338087 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.116353035 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.116626978 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.116676092 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.117391109 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.118011951 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.118052959 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.118495941 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.118531942 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.118627071 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.119549036 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.119599104 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.119746923 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.120596886 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.120640039 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.120836973 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.121763945 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.121968985 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.122013092 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.122847080 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.123017073 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.123059034 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.123986959 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.124025106 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.124182940 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.124912977 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.124957085 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.125022888 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.125958920 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.126013041 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.126172066 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.127002001 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.127039909 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.127172947 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.128099918 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.128154993 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.128745079 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.129174948 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.129187107 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.129228115 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.130243063 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.130294085 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.130337000 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.131300926 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.131324053 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.131376028 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.132420063 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.133084059 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.133125067 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.133492947 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.133863926 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.133904934 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.134514093 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.134605885 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.134650946 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.135566950 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.135921955 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.135965109 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.136790037 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.136847973 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.138040066 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.178006887 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.183569908 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.274283886 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.274305105 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.274368048 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.274578094 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.274590969 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.274688959 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.275609970 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.275785923 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.275824070 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.276701927 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.276910067 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.277776003 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.277789116 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.277829885 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.277858973 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.278647900 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.278801918 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.278987885 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.279043913 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.279927969 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.280073881 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.280116081 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.280951023 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.281119108 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.281164885 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.281994104 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.282273054 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.282382965 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.283092022 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.283210993 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.283257961 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.284256935 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.284749031 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.284801960 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.285218000 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.285334110 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.286130905 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.286298990 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.286509991 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.287604094 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.287625074 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.287739038 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.287776947 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.288424015 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.288615942 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.288655043 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.289558887 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.289716005 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.289760113 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.290566921 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.290682077 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.290724993 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.291685104 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.291939974 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.291976929 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.292721987 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.292845011 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.292917013 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.293786049 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.293886900 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.293935061 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.294150114 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.294939995 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.295084953 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.295155048 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.295918941 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.296050072 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.296154976 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.296988964 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.297420025 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.297456026 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.298352957 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.298857927 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.298898935 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.299117088 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.299271107 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.299381971 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.300168037 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.300312996 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.300546885 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.301237106 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.301687002 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.301774979 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.302521944 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.302983999 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.303016901 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.303791046 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.304188967 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.304229975 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.304635048 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.304827929 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.304882050 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.305030107 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.305615902 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.305728912 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.305841923 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.305855036 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.306592941 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.306704044 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.306756020 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.307770014 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.308044910 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.308085918 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.308788061 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.308893919 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.308927059 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.309845924 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.309925079 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.309964895 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.310946941 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.311047077 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.311099052 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.311971903 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.312117100 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.312158108 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.313011885 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.313188076 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.313225031 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.314096928 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.314301968 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.314344883 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.315190077 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.315315962 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.315422058 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.316251993 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.316339970 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.316379070 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.317322969 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.317460060 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.317514896 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.318340063 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.318556070 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.318634033 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.319411039 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.319621086 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.319667101 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.320559978 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.320791960 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.320842981 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.322195053 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.322267056 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.322344065 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.323169947 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.323530912 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.323636055 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.324141979 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.324276924 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.324388027 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.325215101 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.325362921 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.325406075 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.326384068 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.326426029 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.326467991 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.327183962 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.327778101 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.327841997 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.328150988 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.328919888 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.328964949 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.329149008 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.329160929 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.329200029 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.330054998 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.381139994 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.467044115 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.467065096 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.467114925 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.467299938 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.467782974 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.467828035 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.468396902 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.468600035 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.468641043 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.469405890 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.469569921 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.470516920 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.470558882 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.470706940 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.471606970 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.471643925 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.471962929 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.472006083 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.472605944 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.472755909 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.472799063 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.473674059 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.473989010 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.474025965 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.474765062 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.474999905 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.475039959 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.475832939 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.476102114 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.476150990 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.476907969 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.477063894 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.477209091 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.477955103 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.478297949 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.478367090 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.479005098 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.479569912 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.479614019 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.480110884 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.481103897 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.481189013 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.481221914 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.481235027 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.481298923 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.482280016 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.482292891 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.482352018 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.483333111 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.483601093 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.483644962 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.484397888 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.485028028 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.485088110 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.485470057 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.485665083 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.485769033 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.486536980 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.486778021 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.486826897 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.487637997 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.487952948 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.487994909 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.488651991 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.489022017 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.489058018 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.489746094 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.489758015 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.489801884 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.490796089 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.491004944 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.491069078 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.491874933 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.492398977 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.492441893 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.492949009 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.493017912 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.493166924 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.494031906 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.494208097 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.494252920 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.495053053 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.495151043 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.495191097 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.496170998 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.496282101 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.496325970 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.497216940 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.497289896 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.497342110 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.498267889 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.498405933 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.498446941 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.499355078 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.499859095 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.499911070 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.500374079 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.500648022 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.500694990 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.501465082 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.502553940 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.502567053 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.502665043 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.502688885 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.502727985 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.503635883 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.503654003 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.503689051 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.504779100 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.504992008 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.505032063 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.505753994 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.506340027 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.506396055 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.506828070 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.506840944 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.506880045 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.507885933 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.508030891 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.508079052 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.508961916 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.509099007 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.509197950 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.510020018 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.510284901 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.510329008 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.511075974 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.511209011 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.511261940 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.512160063 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.512353897 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.512542963 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.513371944 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.513556004 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.513700962 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.514302969 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.515376091 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.515388966 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.515429974 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.515562057 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.515613079 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.516419888 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.516763926 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.516808987 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.517509937 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.517608881 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.517652035 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.518559933 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.518913031 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.518974066 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.519665003 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.519856930 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.519913912 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.520679951 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.520981073 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.521018982 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.521882057 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.522846937 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.522857904 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.523170948 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.659106016 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.659167051 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.659204006 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.659300089 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.659617901 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.659679890 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.660357952 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.660481930 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.660531044 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.661438942 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.661696911 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.661744118 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.662565947 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.663335085 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.663387060 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.663582087 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.663594961 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.663671017 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.664653063 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.664835930 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.664887905 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.665774107 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.666467905 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.666500092 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.666788101 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.666908979 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.666949034 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.667834044 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.668061018 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.668104887 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.668909073 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.669097900 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.669178963 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.670021057 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.670151949 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.670192957 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.671034098 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.671171904 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.671466112 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.672147989 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.672291994 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.672360897 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.673228025 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.673410892 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.673450947 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.674283028 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.674391031 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.674437046 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.675350904 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.675825119 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.675865889 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.676381111 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.676608086 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.676650047 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.677498102 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.678100109 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.678150892 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.678833008 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.679147005 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.679188013 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.679964066 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.680293083 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.680362940 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.681206942 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.681602955 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.681644917 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.682204962 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.682320118 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.682358980 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.683342934 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.683795929 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.683841944 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.684585094 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.684753895 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.684794903 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.685748100 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.685823917 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.685990095 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.686733961 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.686930895 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.686975002 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.688278913 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.688853025 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.688893080 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.689485073 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.689601898 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.689645052 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.690527916 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.690639973 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.690712929 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.691555977 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.691679001 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.691771030 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.692675114 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.692774057 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.692838907 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.693686008 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.693900108 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.693943024 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.694711924 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.694816113 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.694858074 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.695732117 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.696047068 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.696084976 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.696690083 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.696916103 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.696962118 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.697551012 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.697776079 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.697818041 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.698601007 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.698689938 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.698811054 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.699481010 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.699579954 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.699683905 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.700390100 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.700540066 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.700597048 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.701409101 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.701575994 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.701633930 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.702171087 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.702363968 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.702404976 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.703108072 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.703243971 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.703289986 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.704148054 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.704510927 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.704552889 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.705260992 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.705463886 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.705508947 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.706332922 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.706566095 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.706609011 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.707410097 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.707638025 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.707679987 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.708494902 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.708647013 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.708686113 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.709547043 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.709841013 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.709943056 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.710712910 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.710916042 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.710993052 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.711688042 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.711884975 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.712023973 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.712716103 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.713083982 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.713135004 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.713790894 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.713922977 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.714010000 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.714852095 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.756122112 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.861504078 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.861916065 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.861928940 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.861965895 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.862059116 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.862109900 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.862745047 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.862950087 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.862997055 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.863886118 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.864020109 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.864231110 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.864906073 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.865202904 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.865283966 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.866518021 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.866858006 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.866908073 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.867767096 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.867943048 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.868005991 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.868680954 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.869534969 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.869601965 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.869744062 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.870134115 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.870182991 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.870865107 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.871155977 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.871200085 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.871820927 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.872021914 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.872066021 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.872776985 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.872853994 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.872921944 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.873861074 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.873979092 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.874063969 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.874769926 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.874938965 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.874986887 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.875833035 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.875847101 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.875896931 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.876713991 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.876857042 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.876916885 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.877671003 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.877947092 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.878180027 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.878765106 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.878885984 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.878930092 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.879822016 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.879918098 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.879964113 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.880882025 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.881129026 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.881170034 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.881956100 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.882148027 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.882199049 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.883064032 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.883181095 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.883270025 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.884090900 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.884485960 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.884537935 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.885193110 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.886320114 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.886332035 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.886373997 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.886435032 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.886509895 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.887285948 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.888006926 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.888113976 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.888377905 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.888511896 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.888560057 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.889451981 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.890083075 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.890135050 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.890495062 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.891280890 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.891335011 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.891592026 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.892159939 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.892199993 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.892714977 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.892728090 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.892765045 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.893713951 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.894809008 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.894821882 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.894854069 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.894938946 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.895019054 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.895901918 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.895916939 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.896030903 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.896910906 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.897046089 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.897092104 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.897986889 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.898108959 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.898154020 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.899055004 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.899182081 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.899241924 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.900137901 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.900259972 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.900310040 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.901257038 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.901740074 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.901798010 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.902333021 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.902460098 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.902508974 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.903538942 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.903553009 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.903598070 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.904376030 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.905522108 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.905534983 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.905575991 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.905653000 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.905720949 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.906552076 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.906641006 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.906755924 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.907609940 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.908032894 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.908101082 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.908674002 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.909776926 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.909835100 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.909879923 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.909890890 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.909986019 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.910839081 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.911048889 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.911325932 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.911889076 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.912463903 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.912533998 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.912982941 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.913080931 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.913129091 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.914026976 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.914279938 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.914324999 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.915076017 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.916157961 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.916289091 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.916301966 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.916315079 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.916356087 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:40.917279959 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:40.959268093 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.054863930 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.055030107 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.055095911 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.055174112 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.055347919 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.055387974 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.056618929 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.056919098 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.056960106 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.057475090 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.057584047 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.057621956 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.058370113 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.058864117 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.058903933 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.059590101 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.059719086 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.059756041 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.060497046 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.060838938 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.060878038 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.061713934 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.062163115 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.062200069 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.062637091 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.063155890 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.063195944 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.063690901 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.064188004 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.064265966 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.064789057 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.065021992 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.065061092 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.065849066 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.066292048 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.066418886 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.066926003 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.067311049 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.067356110 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.068021059 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.068166018 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.068217039 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.069072008 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.069386959 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.069425106 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.070120096 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.070278883 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.070317984 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.071192980 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.071278095 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.071320057 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.072244883 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.072406054 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.072443962 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.074151993 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.074362993 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.074395895 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.074662924 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.074769974 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.074805021 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.075494051 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.075632095 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.075668097 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.076607943 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.076927900 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.076967955 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.077595949 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.077742100 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.077790022 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.078686953 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.079173088 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.079210043 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.079730988 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.079977036 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.080014944 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.080811024 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.081208944 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.081249952 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.081929922 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.082154989 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.082206964 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.082947016 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.083666086 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.083698988 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.084052086 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.084218025 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.084387064 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.085145950 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.085441113 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.085477114 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.086158991 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.086349010 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.086395979 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.087234974 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.087971926 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.088016033 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.088335991 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.088347912 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.088373899 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.089339018 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.090327024 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.090373039 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.090434074 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.090445995 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.090478897 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.091487885 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.091902018 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.091938972 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.092583895 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.092829943 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.092869997 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.093812943 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.093940973 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.093977928 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.094683886 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.094970942 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.095007896 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.095772028 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.095973015 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.096009016 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.096836090 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.096923113 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.096959114 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.097913027 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.098068953 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.098107100 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.099029064 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.099140882 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.099179029 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.100167990 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.100347996 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.100389004 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.101104975 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.101447105 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.101655006 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.102204084 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.102417946 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.102452993 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.103264093 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.103467941 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.103507042 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.104311943 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.104455948 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.104495049 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.105365992 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.105457067 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.105490923 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.106441021 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.106597900 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.106637001 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.107697964 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.107932091 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.107971907 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.108623981 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.109169006 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.109211922 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.109682083 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.109693050 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.109741926 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.110757113 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.162432909 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.247126102 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.247348070 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.247406006 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.247536898 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.247813940 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.247859001 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.248348951 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.248558044 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.248595953 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.249428988 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.249629974 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.249670982 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.250463009 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.250575066 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.250617027 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.251559019 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.251669884 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.251714945 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.252615929 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.252724886 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.252773046 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.253694057 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.253845930 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.253890991 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.254806995 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.254909039 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.254970074 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.255794048 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.256102085 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.256468058 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.256870031 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.257203102 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.258131027 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.258187056 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.258354902 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.258709908 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.259026051 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.259179115 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.259217978 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.260080099 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.260828972 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.260878086 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.261229992 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.261343002 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.261382103 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.262202024 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.263309956 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.263326883 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.263364077 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.263497114 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.263541937 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.264364004 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.265427113 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.265439987 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.265476942 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.265639067 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.265994072 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.266460896 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.266892910 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.266940117 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.267537117 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.268008947 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.268057108 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.268625975 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.269115925 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.269160032 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.269701958 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.269917965 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.269963980 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.270842075 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.270853996 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.270900011 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.271841049 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.272084951 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.272131920 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.272888899 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.273118019 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.273159981 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.274002075 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.274367094 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.274410009 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.275046110 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.275582075 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.275620937 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.276125908 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.276329994 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.276376009 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.277214050 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.277312040 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.277354002 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.278400898 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.278562069 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.278604031 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.279361963 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.279462099 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.279939890 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.280374050 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.280560970 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.280610085 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.281469107 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.281887054 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.281933069 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.282504082 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.282706022 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.282767057 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.283577919 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.283710003 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.283754110 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.284689903 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.285307884 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.285360098 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.285706043 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.285903931 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.285948038 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.286768913 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.287861109 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.287872076 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.287919044 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.288009882 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.288460970 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.288957119 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.289171934 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.289217949 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.290009022 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.290294886 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.290347099 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.291069984 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.291301012 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.292133093 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.292195082 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.292265892 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.292464972 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.293210983 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.293415070 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.293499947 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.294295073 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.294641018 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.294689894 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.295331001 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.296410084 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.296484947 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.296498060 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.296535015 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.297595024 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.297749043 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.297791958 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.298703909 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.298873901 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.298914909 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.299592972 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.300179958 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.300457001 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.300631046 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.300749063 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.301738024 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.301784992 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.301822901 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.302807093 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.302865028 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.439539909 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.439696074 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.439748049 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.439927101 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.440128088 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.440182924 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.440253973 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.441193104 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.441239119 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.441309929 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.442317009 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.442363977 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.442425966 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.443384886 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.443433046 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.444097996 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.444447994 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.444490910 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.444715977 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.445508957 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.445548058 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.445703030 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.446588039 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.446628094 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.446790934 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.447597980 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.447642088 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.447894096 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.448687077 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.448954105 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.448997974 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.449902058 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.450011969 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.450057030 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.450881958 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.450927019 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.450962067 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.451870918 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.451917887 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.451994896 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.452943087 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.453408957 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.453460932 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.454020023 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.454233885 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.454282999 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.455394983 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.455437899 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.455595016 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.456476927 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.456609011 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.456655025 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.457401991 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.457763910 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.457813978 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.458292961 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.458333015 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.458463907 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.459372997 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.459419012 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.459454060 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.460433960 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.460489035 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.460520029 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.461503029 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.461796999 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.461838961 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.462587118 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.462739944 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.462785006 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.463654995 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.463953972 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.463996887 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.464740992 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.464752913 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.464783907 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.465913057 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.466073990 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.466118097 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.466947079 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.466989994 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.467087030 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.467935085 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.467946053 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.467978954 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.468971014 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.470096111 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.470107079 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.470146894 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.470268011 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.471107006 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.471703053 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.471750975 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.472157001 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.472353935 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.472398996 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.473248005 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.473299980 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.474190950 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.474338055 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.474385023 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.474469900 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.475390911 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.475449085 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.475472927 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.476460934 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.476620913 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.476666927 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.477521896 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.477654934 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.477701902 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.478657961 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.478668928 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.478709936 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.479686975 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.479732990 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.479871035 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.480762959 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.480807066 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.481096983 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.481784105 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.481827974 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.482232094 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.482861996 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.483937979 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.483949900 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.483984947 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.484013081 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.484152079 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.485039949 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.485085011 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.485124111 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.486053944 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.486099005 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.486263990 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.487159967 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.487345934 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.487391949 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.488234997 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.489061117 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.489099979 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.489324093 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.489335060 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.489366055 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.490364075 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.490618944 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.491430044 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.491441965 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.491481066 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.491626024 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.492497921 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.494843960 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.495332956 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.495384932 CET497272845192.168.2.5104.161.43.18
                                                                      Dec 20, 2024 16:22:41.614794016 CET284549727104.161.43.18192.168.2.5
                                                                      Dec 20, 2024 16:22:41.614814043 CET284549727104.161.43.18192.168.2.5

                                                                      Statistics

                                                                      CPU Usage

                                                                      Click to jump to process

                                                                      Memory Usage

                                                                      Click to jump to process

                                                                      High Level Behavior Distribution

                                                                      Click to dive into process behavior distribution

                                                                      Behavior

                                                                      Click to jump to process

                                                                      System Behavior

                                                                      General

                                                                      Target ID:0
                                                                      Start time:10:22:12
                                                                      Start date:20/12/2024
                                                                      Path:C:\Users\user\Desktop\isWLAjve0K.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Users\user\Desktop\isWLAjve0K.exe"
                                                                      Imagebase:0x400000
                                                                      File size:3'002'880 bytes
                                                                      MD5 hash:0160029C14CAF2B358598E8824E5CEE0
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:low
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:3
                                                                      Start time:10:22:29
                                                                      Start date:20/12/2024
                                                                      Path:C:\Users\user\Desktop\isWLAjve0K.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Users\user\Desktop\isWLAjve0K.exe"
                                                                      Imagebase:0x400000
                                                                      File size:3'002'880 bytes
                                                                      MD5 hash:0160029C14CAF2B358598E8824E5CEE0
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000003.00000003.2476450281.0000000002AB0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000003.2484879040.00000000050E0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000003.00000003.2484638088.0000000004EC0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000003.00000002.2511515172.0000000002AC0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:low
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:5
                                                                      Start time:10:22:31
                                                                      Start date:20/12/2024
                                                                      Path:C:\Windows\SysWOW64\svchost.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Windows\System32\svchost.exe"
                                                                      Imagebase:0x8f0000
                                                                      File size:46'504 bytes
                                                                      MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000005.00000003.2485848152.0000000000860000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000005.00000003.2488509979.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000005.00000003.2488716555.0000000004F00000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000005.00000002.2580646442.0000000002E00000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:8
                                                                      Start time:10:22:33
                                                                      Start date:20/12/2024
                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 460
                                                                      Imagebase:0x1e0000
                                                                      File size:483'680 bytes
                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:9
                                                                      Start time:10:22:41
                                                                      Start date:20/12/2024
                                                                      Path:C:\Windows\System32\fontdrvhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Windows\System32\fontdrvhost.exe"
                                                                      Imagebase:0x7ff7b5950000
                                                                      File size:827'408 bytes
                                                                      MD5 hash:BBCB897697B3442657C7D6E3EDDBD25F
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:moderate
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:11
                                                                      Start time:10:22:45
                                                                      Start date:20/12/2024
                                                                      Path:C:\Windows\System32\WerFault.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\WerFault.exe -u -p 6120 -s 140
                                                                      Imagebase:0x7ff74b470000
                                                                      File size:570'736 bytes
                                                                      MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      Disassembly

                                                                      Reset < >

                                                                        Non-executed Functions

                                                                        Function 004149D0 Relevance: 37.3, APIs: 13, Strings: 8, Instructions: 569COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PathRemoveFileSpecW.SHLWAPI(00000000,00000001,?,004AF2A8,00000001), ref: 00414C52
                                                                        • GetLastError.KERNEL32(004AF2AC,00000002,00000001,?,004AF2A8,00000001), ref: 00414C65
                                                                          • Part of subcall function 004151D0: CloseHandle.KERNEL32(00000000,?,00414C7F,?), ref: 004151DB
                                                                          • Part of subcall function 004151D0: DestroyEnvironmentBlock.USERENV(00000000,?,00414C7F,?), ref: 004151E9
                                                                          • Part of subcall function 004151D0: CloseHandle.KERNEL32(00000000,?,00414C7F,?), ref: 004151F7
                                                                          • Part of subcall function 004151D0: CloseHandle.KERNEL32(00000000,?,00414C7F,?), ref: 00415205
                                                                          • Part of subcall function 004151D0: CloseHandle.KERNEL32(00000000,?,00414C7F,?), ref: 00415212
                                                                          • Part of subcall function 004151D0: CloseHandle.KERNEL32(?,?,00414C7F,?), ref: 00415226
                                                                          • Part of subcall function 004151D0: CloseHandle.KERNEL32(00000000,?,00414C7F,?), ref: 0041523F
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CloseHandle$BlockDestroyEnvironmentErrorFileLastPathRemoveSpec
                                                                        • String ID: D$In ProcessUtils::utilCreateProcessInUserSessionWithReturnCode.$In ProcessUtils::utilCreateProcessInUserSessionWithReturnCode. Error in createProcessInUserSession with error %d.$In ProcessUtils::utilCreateProcessInUserSessionWithReturnCode. Error in utilRemoveFileSpec in currentDirectory %s $In ProcessUtils::utilCreateProcessInUserSessionWithReturnCode. Return$In ProcessUtils::utilCreateProcessInUserSessionWithReturnCode. WaitForFinish is false. Returning$OOBEUtils$ProcessUtils
                                                                        • API String ID: 2934398582-495172292
                                                                        • Opcode ID: b1d8b08e1ced0472de58a44bdc32ac5145ca0abbc8f526ddc3a30321f6e8c4e6
                                                                        • Instruction ID: 44ddc1e84410081819ab0d6c29ceb37a1c44936693579239e334559e60437c79
                                                                        • Opcode Fuzzy Hash: b1d8b08e1ced0472de58a44bdc32ac5145ca0abbc8f526ddc3a30321f6e8c4e6
                                                                        • Instruction Fuzzy Hash: C422C130A40219DBDB10DF54CD5ABEE77B4BF95704F2401AAE80577290DBB86E90CFA9
                                                                        Function 004029A0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 247COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: AdobeUpdateService$AdobeUpdateService: Process certificate didnt match to Adobe certificate!$main: Finished$main: Started
                                                                        • API String ID: 0-108484121
                                                                        • Opcode ID: b3500d050bb6cdf61eb27a6f39655ff4180bc88b106c65d246eddb0ba753381a
                                                                        • Instruction ID: aa4f7462551908f85693e87270aad57e37dee6bb7c79447cbb64f1a26d33a99d
                                                                        • Opcode Fuzzy Hash: b3500d050bb6cdf61eb27a6f39655ff4180bc88b106c65d246eddb0ba753381a
                                                                        • Instruction Fuzzy Hash: D491F870A002189FEB14DF65CD5ABAE7BB4EB04718F14417EE405B73C1EBB86A05CB99
                                                                        Function 0046A3FC Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 0046A40E
                                                                        • GetCurrentThreadId.KERNEL32 ref: 0046A41D
                                                                        • GetCurrentProcessId.KERNEL32 ref: 0046A426
                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 0046A433
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                        • String ID:
                                                                        • API String ID: 2933794660-0
                                                                        • Opcode ID: ac1283240fa4666ab2caaaff0c877bff52670fbfcb2ac06dcdcff882bb556bcf
                                                                        • Instruction ID: e4e9c80c65a6a08ef3cfff89654f3def58ef4d81fe7765c738179de465d37d3f
                                                                        • Opcode Fuzzy Hash: ac1283240fa4666ab2caaaff0c877bff52670fbfcb2ac06dcdcff882bb556bcf
                                                                        • Instruction Fuzzy Hash: 50F05F71C10209EBCB04DBB5DA49A9EBBF8EF28305F5148A69412E7150E774AB049F55
                                                                        Function 00479425 Relevance: 4.6, APIs: 3, Instructions: 77COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 0047951D
                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00479527
                                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00479534
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                        • String ID:
                                                                        • API String ID: 3906539128-0
                                                                        • Opcode ID: a19f73a4d9f4d0e54a9ed4dae2ef3fd1af3dc1133b3d865888961f1c74766716
                                                                        • Instruction ID: 7109313c7fa8fd350fdfa9001e6c8f204caf35ef787ef4bb10a63f32fd68b71d
                                                                        • Opcode Fuzzy Hash: a19f73a4d9f4d0e54a9ed4dae2ef3fd1af3dc1133b3d865888961f1c74766716
                                                                        • Instruction Fuzzy Hash: AB31D87590122CABCB21DF65DD88BCDBBB8BF18310F5041EAE40CA6251E7749F858F49
                                                                        Function 004781A9 Relevance: 2.8, Strings: 2, Instructions: 333COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 'yG$0'yG
                                                                        • API String ID: 0-303115398
                                                                        • Opcode ID: 05fb904e47dcc931b1d1c068e6b8bc400b9b72d514dc0288f43eca1ced241965
                                                                        • Instruction ID: d08553121c1e018d73dad4b3ed9971c9bf1efc3aeb580b9790c43d1ab50a3df4
                                                                        • Opcode Fuzzy Hash: 05fb904e47dcc931b1d1c068e6b8bc400b9b72d514dc0288f43eca1ced241965
                                                                        • Instruction Fuzzy Hash: 8BC1F230580A468FCB24CF68C58C6FBB7B1EB05304B18C64FD85A97792DB79AD05CB59
                                                                        Function 0042A37F Relevance: .2, Instructions: 168COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2d21264a1c08e810c4c38526a1ecd812e75f817fe61fd55862a0341abe4b46fa
                                                                        • Instruction ID: 73731217f7f0903f3e73a4f256df7469752bf4508d9d56f731985d328a9c274b
                                                                        • Opcode Fuzzy Hash: 2d21264a1c08e810c4c38526a1ecd812e75f817fe61fd55862a0341abe4b46fa
                                                                        • Instruction Fuzzy Hash: 0451E7B2C016245BF724CA24DD89AEBBBB9EB80304F1481BBE40DAA5D4D77C5BC5CE51
                                                                        Function 0042A0D3 Relevance: .1, Instructions: 139COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2ddf1008c0f78f1b94a957e5dd248246c502d1733fd5f4d18ad86347ab9ac115
                                                                        • Instruction ID: 309c32d757d398875828263d3e1d7c7ebd7d892102b88bd18bd306b648c21c19
                                                                        • Opcode Fuzzy Hash: 2ddf1008c0f78f1b94a957e5dd248246c502d1733fd5f4d18ad86347ab9ac115
                                                                        • Instruction Fuzzy Hash: 5B51D4B2D052159FEB28CF28CD95ADAFBB5EF84304F0581AFD4096B284D7789781CE41
                                                                        Function 00460FA0 Relevance: .0, Instructions: 39COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 92b4408d911e923283ad052d3412a50f4253902d7f48253863d126fe0516623a
                                                                        • Instruction ID: ab5e05bcc99bfceca36f26a0eb8b1f4f863e45577806241823cb0e5dbccfed84
                                                                        • Opcode Fuzzy Hash: 92b4408d911e923283ad052d3412a50f4253902d7f48253863d126fe0516623a
                                                                        • Instruction Fuzzy Hash: EE01ECB5904719EBCB14CF99D941B9AFBF4FB48720F20862AE429A3790D33565108F94
                                                                        Function 0041F500 Relevance: 30.4, APIs: 11, Strings: 9, Instructions: 396sleepCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • EnterCriticalSection.KERNEL32(?,018FB788,?,00000008), ref: 0041F537
                                                                        • Sleep.KERNEL32(00000001), ref: 0041F53F
                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0041F585
                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0041F5C9
                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0041F646
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalSection$Leave$EnterSleep
                                                                        • String ID: CommBridge$Data size %i is larger than max buffer size, aborting write.$OOBEUtils$Out pipe handle is invalid, aborting write.$Pipe %p not initialized, aborting write.$Terminate channel$Writing data packet to pipe failed with error code %i$Writing info packet to pipe failed with error code %i$`J
                                                                        • API String ID: 4275215032-318403239
                                                                        • Opcode ID: 8abe9bf9aa2a41506b6c831e74ff08ca7d922cea81cd4335f7d1f82bf08bb469
                                                                        • Instruction ID: 357453fb2a3021c3316a4f80364e3140d53479557ee8387c2b372fbbb1bee486
                                                                        • Opcode Fuzzy Hash: 8abe9bf9aa2a41506b6c831e74ff08ca7d922cea81cd4335f7d1f82bf08bb469
                                                                        • Instruction Fuzzy Hash: F2E10770B40208ABDB00DF65DD4ABDE7BB5AF45700F24013AF806A72D1DB7CAA458B5D
                                                                        Function 004056B0 Relevance: 24.8, APIs: 4, Strings: 10, Instructions: 296sleepCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • Sleep.KERNEL32(000001F4,?,?,?,?,?,?,00000028), ref: 0040587F
                                                                          • Part of subcall function 0041FA30: WaitForSingleObject.KERNEL32(00000008,000000FF,00000000,00000008,00405984,?,?,?,?,?,?,?,?,?,00000028), ref: 0041FB10
                                                                          • Part of subcall function 0041FA30: CloseHandle.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,00000028), ref: 0041FB19
                                                                        Strings
                                                                        • Failed to sent communnication ID packet to the client, xrefs: 004059B9
                                                                        • Initializing Communication Channel with ACC with pipename: %s, xrefs: 00405862
                                                                        • Sent communnication ID packet to the client, xrefs: 004056EF
                                                                        • CreateIPCChannel failed for pipe %s, xrefs: 004058D0
                                                                        • Failed in creating client thread, xrefs: 00405984
                                                                        • Failed in initial handshake with the client, xrefs: 004058F0
                                                                        • thread failed to resumed. fatal error, xrefs: 0040594C
                                                                        • failed to create a new thread for ipc communications. Fatal Error, xrefs: 0040591A
                                                                        • Problem initializing Communication Channel. Quitting. Error code %d, xrefs: 004058A7
                                                                        • Successfully created the client thread, xrefs: 004059E8
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CloseHandleObjectSingleSleepWait
                                                                        • String ID: CreateIPCChannel failed for pipe %s$Failed in creating client thread$Failed in initial handshake with the client$Failed to sent communnication ID packet to the client$Initializing Communication Channel with ACC with pipename: %s$Problem initializing Communication Channel. Quitting. Error code %d$Sent communnication ID packet to the client$Successfully created the client thread$failed to create a new thread for ipc communications. Fatal Error$thread failed to resumed. fatal error
                                                                        • API String ID: 640476663-1070437462
                                                                        • Opcode ID: 68fa43ea2eba1087806099fb0bd63b4327f9badd3dddcdc44e0fb38c4a85424d
                                                                        • Instruction ID: dce432d37da255bfcb33f67ab20813508531a13952796c9d494c823ab279c1dd
                                                                        • Opcode Fuzzy Hash: 68fa43ea2eba1087806099fb0bd63b4327f9badd3dddcdc44e0fb38c4a85424d
                                                                        • Instruction Fuzzy Hash: F0A1D2B0A40615AFCB00DF65DC86B6E7BA4FF49704F10017AE505AB3D1DB78A914CB9A
                                                                        Function 00401A30 Relevance: 24.8, APIs: 5, Strings: 9, Instructions: 268synchronizationthreadCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • GetLastError.KERNEL32(00000000,00000001,?,00401A1C), ref: 00401AC7
                                                                          • Part of subcall function 00401770: SetServiceStatus.ADVAPI32(004C8C64), ref: 00401821
                                                                          • Part of subcall function 00401770: GetLastError.KERNEL32 ref: 00401877
                                                                        • CreateThread.KERNEL32(00000000,00000000,00401520,00000000,00000000,00000000), ref: 00401B0D
                                                                        • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,00401A1C), ref: 00401C91
                                                                        • ResetEvent.KERNEL32(?,?,?,?,?,?,?,?,00401A1C), ref: 00401C99
                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00401A1C), ref: 00401D13
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorLast$CloseCreateEventHandleObjectResetServiceSingleStatusThreadWait
                                                                        • String ID: NULL OOBE_Event_t object passed in DestroyEvent $NULL OOBE_Event_t object passed in WaitforEvent $OOBEEvents$OOBEUtils$SvcInit: Creat thread failed$SvcInit: Create thread successful$SvcInit: Finished$SvcInit: Now wating for the close signal$SvcInit: Started New
                                                                        • API String ID: 2548555128-2125176678
                                                                        • Opcode ID: fdb8e43f0c7796d05782fa09c5a4e7a52c29433dbb338b57c4b152e7f49b068c
                                                                        • Instruction ID: f73ab4652ae81edbc98d7fd2a5d95e0b0f6ab9935acceea9d8e153ccbd849a11
                                                                        • Opcode Fuzzy Hash: fdb8e43f0c7796d05782fa09c5a4e7a52c29433dbb338b57c4b152e7f49b068c
                                                                        • Instruction Fuzzy Hash: 9291D370B80315ABE710DB559D46B5E3BA4EB10B14F14017BF915B73D1EFB8A9008BAE
                                                                        Function 00427320 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 148fileCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PathFileExistsW.SHLWAPI(00000000,00000000,0040674D), ref: 0042732E
                                                                        • PathIsDirectoryW.SHLWAPI(00000000), ref: 00427347
                                                                        • DeleteFileW.KERNEL32(00000000,00000000,?), ref: 0042735A
                                                                        • GetLastError.KERNEL32 ref: 0042736C
                                                                        • GetFileAttributesW.KERNEL32(00000000), ref: 00427386
                                                                        • SetFileAttributesW.KERNEL32(00000000,00000080), ref: 00427420
                                                                        • DeleteFileW.KERNEL32(00000000), ref: 00427431
                                                                        • GetLastError.KERNEL32 ref: 00427456
                                                                        • GetLastError.KERNEL32 ref: 004274A6
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: File$ErrorLast$AttributesDeletePath$DirectoryExists
                                                                        • String ID: Failed to delete file: '%s' LastError:%d$File '%s' is with read-only. Its attribute is: '%d'. UnSetting its read-only attr and retry deleting$FileUtils$OOBEUtils
                                                                        • API String ID: 2466363971-4107796821
                                                                        • Opcode ID: 00b6d3bf9a951ad68e80268370d137a51b95931526897c450c14d293331eb804
                                                                        • Instruction ID: 1d99e2006965ff6694df6736826d9ecfdb84e75553d3c6a76360acde75f41734
                                                                        • Opcode Fuzzy Hash: 00b6d3bf9a951ad68e80268370d137a51b95931526897c450c14d293331eb804
                                                                        • Instruction Fuzzy Hash: 3341A530745221EBCA10DF19FD99A5A7B65FB85B01BA40477F80197290DB78BC90CBBD
                                                                        Function 00427AB0 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 182encryptionmemoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • WinVerifyTrust.WINTRUST(000000FF,?*@`J,?,018FB788,?,?), ref: 00427B84
                                                                        • WTHelperProvDataFromStateData.WINTRUST(00000000), ref: 00427B95
                                                                        • WTHelperGetProvSignerFromChain.WINTRUST(00000000,00000000,00000000,00000000), ref: 00427BAA
                                                                        • WTHelperGetProvCertFromChain.WINTRUST(00000000,00000000), ref: 00427BCA
                                                                        • CertGetNameStringW.CRYPT32(?,00000004,00000000,00000000,00000000,00000000), ref: 00427C07
                                                                        • LocalAlloc.KERNEL32(00000000), ref: 00427C22
                                                                        • CertGetNameStringW.CRYPT32(?,00000004,00000000,00000000,00000000,?), ref: 00427C41
                                                                        • LocalFree.KERNEL32(00000000,00000000,-00000002), ref: 00427C6A
                                                                        • WinVerifyTrust.WINTRUST(000000FF,00AAC56B,00000034), ref: 00427D07
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CertFromHelperProv$ChainDataLocalNameStringTrustVerify$AllocFreeSignerState
                                                                        • String ID: 4$?*@`J${|}
                                                                        • API String ID: 318076659-843163469
                                                                        • Opcode ID: 2b2f03a0b2219b9638c237f0a50e4636c7e99644d9adfce77a164d3a7e6bd346
                                                                        • Instruction ID: 07a7e49040c28470832a96e5ee50d6d3bb65460ac79225f476d81bb8c7a89be8
                                                                        • Opcode Fuzzy Hash: 2b2f03a0b2219b9638c237f0a50e4636c7e99644d9adfce77a164d3a7e6bd346
                                                                        • Instruction Fuzzy Hash: 69717BB0E00218AFEB14DFA5DD89B9EBBB8FB04314F10416EE515AB281DBB95944CF58
                                                                        Function 0041E190 Relevance: 19.8, APIs: 6, Strings: 7, Instructions: 309COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?), ref: 0041E231
                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0041E288
                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0041E2DC
                                                                        • EnterCriticalSection.KERNEL32(0036EE80), ref: 0041E302
                                                                        • LeaveCriticalSection.KERNEL32(0036EE80), ref: 0041E37D
                                                                        • LeaveCriticalSection.KERNEL32(00000009), ref: 0041F2F9
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalSection$Leave$Enter
                                                                        • String ID: CommBridge$Inside initCommBridge, creating pipe %s$OOBEUtils$Pipe already initialized.$Pipe name is empty.$Wrong pipe context passed %i.$\\.\pipe\
                                                                        • API String ID: 2978645861-1085201787
                                                                        • Opcode ID: 2741faf5fde62311bba358750df085c702bd52d97c66e27c1744663fa93f332a
                                                                        • Instruction ID: aaa71bcc0c1ad3f749e7ec319ae41c39833817b2d272478ea5ed4507fdbc246a
                                                                        • Opcode Fuzzy Hash: 2741faf5fde62311bba358750df085c702bd52d97c66e27c1744663fa93f332a
                                                                        • Instruction Fuzzy Hash: 5CA10134700300ABDB24DF66DC9AF9A77A8AB05701F14056FE905972D1DB78F990CBAE
                                                                        Function 004274E0 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 427fileCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PathFileExistsW.SHLWAPI(?,018FB788,?,00000000,?,?,?,00000000,0049994D,000000FF,?,00406D2F), ref: 0042751A
                                                                          • Part of subcall function 004270D0: PathRemoveFileSpecW.SHLWAPI(00000000,?,?,?,?,?,?,00000000,0049994D,000000FF), ref: 0042714C
                                                                          • Part of subcall function 00427260: PathFileExistsW.SHLWAPI(?,?,0040653E), ref: 0042726E
                                                                          • Part of subcall function 00427260: PathIsDirectoryW.SHLWAPI(?), ref: 00427283
                                                                        • CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000000,0049994D,000000FF), ref: 004275CB
                                                                        • GetLastError.KERNEL32(?,?,00000000,0049994D,000000FF), ref: 004275E9
                                                                        • GetLastError.KERNEL32(?,?,00000000,0049994D,000000FF), ref: 00427637
                                                                        • SetFileAttributesW.KERNEL32(?,00000080,?,?,00000000,0049994D,000000FF), ref: 00427678
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: File$Path$ErrorExistsLast$AttributesCopyDirectoryRemoveSpec
                                                                        • String ID: Failed to copy file at the destination:'%s'. LastError: %d$FileUtils$OOBEUtils$Source file does not exist in CopyFileFromSourceToDestination
                                                                        • API String ID: 3678581443-2441349454
                                                                        • Opcode ID: 3b2b4e70207e77957e346cfaaefa40b7f30fec250b144c30194b88bdfa61c5ea
                                                                        • Instruction ID: 304be064ac5706b44c2d59a599f2d95f36f10b52853653852536ae88b2003d00
                                                                        • Opcode Fuzzy Hash: 3b2b4e70207e77957e346cfaaefa40b7f30fec250b144c30194b88bdfa61c5ea
                                                                        • Instruction Fuzzy Hash: DAE1F471F002249BCB14DF69ED85BAEB7B5FB45710F50422EE411A7390DB38AD41CBA9
                                                                        Function 0041F360 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 146filesleepCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?), ref: 0041F38A
                                                                        • GetLastError.KERNEL32(?,?,?,?,00000000,?,?,?), ref: 0041F39F
                                                                        • Sleep.KERNEL32(0000000A,?,?,?,?,00000000,?,?,?), ref: 0041F3B6
                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,00000000,?,?,?), ref: 0041F3CC
                                                                        • GetLastError.KERNEL32(?,?,?,?,00000000,?,?,?), ref: 0041F3D6
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorFileLastWrite$Sleep
                                                                        • String ID: CommBridge$Number of retries to write to pipe exhausted with last error = %lu. Aborting write on pipe %p$OOBEUtils$Write failed or else (No of bytes written > data). Aborting write on pipe %p , errno: %lu
                                                                        • API String ID: 2338600601-2345992799
                                                                        • Opcode ID: b8e0a7f11eae0cb03ddd70be310acbc4cd459f475ee6759fc557cd37cf45340b
                                                                        • Instruction ID: bbdbd7131a9a05eaf625d8743bffc745cebe138b644272fe07d0d675cb0cef45
                                                                        • Opcode Fuzzy Hash: b8e0a7f11eae0cb03ddd70be310acbc4cd459f475ee6759fc557cd37cf45340b
                                                                        • Instruction Fuzzy Hash: 13411635B00208BBDB10DFA69C42BBF7B68EB55721F1001BBF815A32C0DA746D4087A8
                                                                        Function 004163F0 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 155COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000000,?,00000000,00404D5E,?), ref: 00416418
                                                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000001,00000000,00000000), ref: 004164B4
                                                                        • GetLastError.KERNEL32 ref: 004164CB
                                                                        • GetLastError.KERNEL32 ref: 0041651E
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: ByteCharErrorLastMultiWide
                                                                        • String ID: Error allocating memory while converting Native string to UTF8 string$Failed to convert WideCharToMultiByte. ErrorCode::%d$OOBEUtils$StringUtils
                                                                        • API String ID: 203985260-2236274340
                                                                        • Opcode ID: e39f2a51ba932da9826a003946e3c0e9b08f0d17437669bc90833129a53970bc
                                                                        • Instruction ID: 716146f1c0389004c4db2de1f4adde63d4e0a6c81021537d3ce57664b142a41d
                                                                        • Opcode Fuzzy Hash: e39f2a51ba932da9826a003946e3c0e9b08f0d17437669bc90833129a53970bc
                                                                        • Instruction Fuzzy Hash: 28417B3578031477DA20AF1AAC47FEA7794EB42B21F2400BBFD09632D0D9696D4487AD
                                                                        Function 00403C90 Relevance: 13.6, APIs: 2, Strings: 7, Instructions: 137sleepCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Strings
                                                                        • Failed to create the connection channel, xrefs: 00403D34
                                                                        • Failed to initiate communication, xrefs: 00403DCB
                                                                        • Initializing1 Connection Channel with Service with pipename: %s, xrefs: 00403CD0
                                                                        • Problem initializing Connection Channel. Quitting., xrefs: 00403D11
                                                                        • Success:Initializing Connection Channel with Service with pipename: %s, xrefs: 00403D73
                                                                        • Successfully initiated communication, xrefs: 00403DAA
                                                                        • Communication is open on the other pipe. Closing the static guid and re-opening for new clients..., xrefs: 00403DF4
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: Sleep
                                                                        • String ID: Communication is open on the other pipe. Closing the static guid and re-opening for new clients...$Failed to create the connection channel$Failed to initiate communication$Initializing1 Connection Channel with Service with pipename: %s$Problem initializing Connection Channel. Quitting.$Success:Initializing Connection Channel with Service with pipename: %s$Successfully initiated communication
                                                                        • API String ID: 3472027048-2173017273
                                                                        • Opcode ID: 6df400194c0d2eafb8ad463674300954c48552a7f74c4dd405dff45e14274271
                                                                        • Instruction ID: 5187b662ea0dd10bef7ca44164715a625855074a8d72d76878ed54e6067e5788
                                                                        • Opcode Fuzzy Hash: 6df400194c0d2eafb8ad463674300954c48552a7f74c4dd405dff45e14274271
                                                                        • Instruction Fuzzy Hash: 9141F170600200EFCB10DF19DC89B5A7BA8AF49705F1440BAE909BB3D1CB78ED44CBA9
                                                                        Function 00418B10 Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 330COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00418B88
                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00418BAF
                                                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00418C74
                                                                        • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00418C8E
                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00418D23
                                                                        • std::_Facet_Register.LIBCPMT ref: 00418D30
                                                                          • Part of subcall function 0046877A: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00468786
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: std::_$LockitLockit::~_$Locinfo::_$Facet_Locinfo_ctorLocinfo_dtorRegisterstd::invalid_argument::invalid_argument
                                                                        • String ID: bad locale name
                                                                        • API String ID: 1871079455-1405518554
                                                                        • Opcode ID: c6cdc14bd338eddc53a98ba7adfe9d068b301496e6a84cf03d0ab39cc8f10731
                                                                        • Instruction ID: 2b18787ee60dced21a1ee80d710d234eacb2e1acb53e15705c8ae09ecf607236
                                                                        • Opcode Fuzzy Hash: c6cdc14bd338eddc53a98ba7adfe9d068b301496e6a84cf03d0ab39cc8f10731
                                                                        • Instruction Fuzzy Hash: DBD16FB1E002189FDB00DFA5C984BDEBBB5BF58314F14406EE805A7391EB78AD45CB99
                                                                        Function 004013E0 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 295COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 004013E5
                                                                          • Part of subcall function 0046873A: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00468746
                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00401519
                                                                        Strings
                                                                        • ServiceWorkerThread: Returning from the worker thread, xrefs: 0040173D
                                                                        • string too long, xrefs: 004013E0
                                                                        • ServiceWorkerThread: Workflow Start Failed, xrefs: 004016D6
                                                                        • ServiceWorkerThread: Started, xrefs: 004015A6
                                                                        • ServiceWorkerThread: Workflow Started, xrefs: 0040168F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: Concurrency::cancel_current_taskXinvalid_argumentstd::_std::invalid_argument::invalid_argument
                                                                        • String ID: ServiceWorkerThread: Started$ ServiceWorkerThread: Workflow Start Failed$ ServiceWorkerThread: Workflow Started$ServiceWorkerThread: Returning from the worker thread$string too long
                                                                        • API String ID: 3990507346-493984609
                                                                        • Opcode ID: d82a602f60015f722318a5e5598d58ea829feccefa44ef9ae6b957b033f1123a
                                                                        • Instruction ID: 0de4d92833269bd46795cda1e8f9f860099c4cf613756acb1c3ca96f5a9e6a69
                                                                        • Opcode Fuzzy Hash: d82a602f60015f722318a5e5598d58ea829feccefa44ef9ae6b957b033f1123a
                                                                        • Instruction Fuzzy Hash: D0A13BB1A002059BE710DF69DC42B6EB7A4EF40314F24427FE815E73D1EB78994487DA
                                                                        Function 00401DB0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 145COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: NULL OOBE_Event_t object passed in SetEvnt $OOBEEvents$OOBEUtils$Receiveded SERVICE_CONTROL_STOP signal$ServiceCtrlHandler: Finished$ServiceCtrlHandler: Started
                                                                        • API String ID: 0-3825141419
                                                                        • Opcode ID: 6ca62fb21f9d5d796d1c64262897b507ae4cdca6753128363298717e489f106b
                                                                        • Instruction ID: 66e086e936243a972247da67edb77e0195688db155f0063ebd03624c2dfed7a4
                                                                        • Opcode Fuzzy Hash: 6ca62fb21f9d5d796d1c64262897b507ae4cdca6753128363298717e489f106b
                                                                        • Instruction Fuzzy Hash: 2D51C270A81215ABEB10DB15DD46B5E3BA4EB00B18F14017BF905B73D1EF78A9048BEE
                                                                        Function 004165A0 Relevance: 12.2, APIs: 4, Strings: 4, Instructions: 154COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,00000000,?,00000000,00000000,?,00404FB7,00000000,00000000,004B0CCA,00000000), ref: 004165BA
                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,00000000), ref: 00416661
                                                                        • GetLastError.KERNEL32 ref: 00416678
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: ByteCharMultiWide$ErrorLast
                                                                        • String ID: Error allocating memory while converting UTF8 string to Native string$Failed to convert MultiByteToWideChar. ErrorCode::%d$OOBEUtils$StringUtils
                                                                        • API String ID: 1717984340-475419079
                                                                        • Opcode ID: 2ac2b592db3f9692cb7a5b3bc46003a3bf626419324c79dd5455d25ea0bdc311
                                                                        • Instruction ID: 607fb1377a63fdc9f035f0c432f6c8044d68b344f7ff51ac538f5213003713f8
                                                                        • Opcode Fuzzy Hash: 2ac2b592db3f9692cb7a5b3bc46003a3bf626419324c79dd5455d25ea0bdc311
                                                                        • Instruction Fuzzy Hash: D0418D35781214A7C620AF6AAC47FEB7358EB81B25F1401BBFD09A32D0DD69AD0046ED
                                                                        Function 00412610 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 169COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 004126EE
                                                                        • __Getctype.LIBCPMT ref: 00412707
                                                                        • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00412751
                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 004127EF
                                                                        • __Getwctype.LIBCPMT ref: 0041282A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: std::_$Locinfo::_$GetctypeGetwctypeLocinfo_ctorLocinfo_dtorLockitLockit::~_
                                                                        • String ID: bad locale name
                                                                        • API String ID: 201867346-1405518554
                                                                        • Opcode ID: 1af70972fbd8fd394261b7672b218bb29ee07418f61f38ba363869a3bb34d789
                                                                        • Instruction ID: fb01a51910be7c6eaa99b540ff2eac30bca8d6a60054ec657d3f721683236568
                                                                        • Opcode Fuzzy Hash: 1af70972fbd8fd394261b7672b218bb29ee07418f61f38ba363869a3bb34d789
                                                                        • Instruction Fuzzy Hash: 525193B1C003589BEB10DFA5C945BDAB7B4BF14314F14826ED848E7341EB78EA94CB66
                                                                        Function 0041FA30 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 77synchronizationCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • WaitForSingleObject.KERNEL32(00000008,000000FF,00000000,00000008,00405984,?,?,?,?,?,?,?,?,?,00000028), ref: 0041FB10
                                                                        • CloseHandle.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,00000028), ref: 0041FB19
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CloseHandleObjectSingleWait
                                                                        • String ID: All pipes closed properly.$CommBridge$Inside closeBridge$OOBEUtils
                                                                        • API String ID: 528846559-1211123791
                                                                        • Opcode ID: 1f3c2fab79f574a5bc492b236c571b4ebadb7da9787cdc0bcc3f81ec269f5a84
                                                                        • Instruction ID: c28e8b6ec9cc632472ca235f45b3f8d0a108cff224a1436875239388707932b2
                                                                        • Opcode Fuzzy Hash: 1f3c2fab79f574a5bc492b236c571b4ebadb7da9787cdc0bcc3f81ec269f5a84
                                                                        • Instruction Fuzzy Hash: 3421D330B40321A7CA20EF268C56F873B54AF12F11F240577B806A72D0CEACF99187AD
                                                                        Function 0048857A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • FreeLibrary.KERNEL32(00000000,?,00488689,0040B377,?,00000000,?,?,?,004888B3,00000022,FlsSetValue,004A3F04,004A3F0C,?), ref: 0048863B
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: FreeLibrary
                                                                        • String ID: api-ms-$ext-ms-
                                                                        • API String ID: 3664257935-537541572
                                                                        • Opcode ID: 11c0850fd9dd82efe467599ba98e49e0b0b665d46b4f2ea3fd8847a1b3d20761
                                                                        • Instruction ID: 0d18bb84f8fc76a6c3da93e18ff47703567a800fd64ff94e1cc0b507c8cbf4c8
                                                                        • Opcode Fuzzy Hash: 11c0850fd9dd82efe467599ba98e49e0b0b665d46b4f2ea3fd8847a1b3d20761
                                                                        • Instruction Fuzzy Hash: 2C21C331A01221ABCB21AB259C41A9F37589B51760F64096BE906B7390EF38ED00CBDD
                                                                        Function 00427260 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 70COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PathFileExistsW.SHLWAPI(?,?,0040653E), ref: 0042726E
                                                                        • PathIsDirectoryW.SHLWAPI(?), ref: 00427283
                                                                        • SHCreateDirectoryExW.SHELL32(00000000,?,00000000,?,?,0040653E), ref: 0042729D
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: DirectoryPath$CreateExistsFile
                                                                        • String ID: FileUtils$OOBEUtils$SHCreateDirectoryEx failed. Error: %d
                                                                        • API String ID: 3984196470-716391998
                                                                        • Opcode ID: e2f3c0152dea6573d78a5f9b5d09177c3ec5f57044b8f182ed452466184478f4
                                                                        • Instruction ID: 1c360898109e8edf91c6b2f0d6b286c19c2d4d721b312238894a1274079c5597
                                                                        • Opcode Fuzzy Hash: e2f3c0152dea6573d78a5f9b5d09177c3ec5f57044b8f182ed452466184478f4
                                                                        • Instruction Fuzzy Hash: F0119B3174522097CA249B55BD4AF4B3758AFC2F51B5504ABFC4557391CA68AC40CABC
                                                                        Function 004151D0 Relevance: 10.6, APIs: 7, Instructions: 50COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • CloseHandle.KERNEL32(00000000,?,00414C7F,?), ref: 004151DB
                                                                        • DestroyEnvironmentBlock.USERENV(00000000,?,00414C7F,?), ref: 004151E9
                                                                        • CloseHandle.KERNEL32(00000000,?,00414C7F,?), ref: 004151F7
                                                                        • CloseHandle.KERNEL32(00000000,?,00414C7F,?), ref: 00415205
                                                                        • CloseHandle.KERNEL32(00000000,?,00414C7F,?), ref: 00415212
                                                                        • CloseHandle.KERNEL32(?,?,00414C7F,?), ref: 00415226
                                                                        • CloseHandle.KERNEL32(00000000,?,00414C7F,?), ref: 0041523F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CloseHandle$BlockDestroyEnvironment
                                                                        • String ID:
                                                                        • API String ID: 1096182194-0
                                                                        • Opcode ID: e2e22a70dbd95b21f456f59282a0213a811955f47d7c623cdfc0833d9dcf18cc
                                                                        • Instruction ID: 34402626d38a9728df7e9b11658db42f6f8f7e161e27eba0645d41ce3f5bf331
                                                                        • Opcode Fuzzy Hash: e2e22a70dbd95b21f456f59282a0213a811955f47d7c623cdfc0833d9dcf18cc
                                                                        • Instruction Fuzzy Hash: 5501D371B00B11EBDB209F76EC48B9777ECBF54B41304493AB956E3650EA78E8408A69
                                                                        Function 0041FB30 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 84COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • CloseHandle.KERNEL32(?,?,?,0041FAA0,00000000,00000008,00405984), ref: 0041FBA7
                                                                        • CloseHandle.KERNEL32(00000000,?,?,0041FAA0,00000000,00000008,00405984), ref: 0041FC27
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CloseHandle
                                                                        • String ID: Closing inPipe %p$Closing outPipe %p$CommBridge$OOBEUtils
                                                                        • API String ID: 2962429428-1143323105
                                                                        • Opcode ID: 2a3135dafd0f9304286105df91380c5b5f1a53f32146d0c127ed63ac37bcf816
                                                                        • Instruction ID: 0f7ac151626cc6776e72673ec142dc1ae90cb188b2ca2df04446cdc6e3645632
                                                                        • Opcode Fuzzy Hash: 2a3135dafd0f9304286105df91380c5b5f1a53f32146d0c127ed63ac37bcf816
                                                                        • Instruction Fuzzy Hash: C421F630740311A7CA20EF259D66F9B3654BB41B00F14017BF912A72E1CBACBD5286ED
                                                                        Function 004018B0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 106registryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RegisterServiceCtrlHandlerW.ADVAPI32(AdobeUpdateService,00401DB0), ref: 00401942
                                                                        • GetLastError.KERNEL32 ref: 004019A0
                                                                          • Part of subcall function 00401770: SetServiceStatus.ADVAPI32(004C8C64), ref: 00401821
                                                                          • Part of subcall function 00401770: GetLastError.KERNEL32 ref: 00401877
                                                                          • Part of subcall function 00401A30: GetLastError.KERNEL32(00000000,00000001,?,00401A1C), ref: 00401AC7
                                                                        Strings
                                                                        • ServiceMain: Failed to register the service with Register Service Control Handler with %d, xrefs: 004019A7
                                                                        • AdobeUpdateService, xrefs: 0040193D
                                                                        • ServiceMain: Started, xrefs: 00401922
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorLast$Service$CtrlHandlerRegisterStatus
                                                                        • String ID: AdobeUpdateService$ServiceMain: Failed to register the service with Register Service Control Handler with %d$ServiceMain: Started
                                                                        • API String ID: 125077777-3162937321
                                                                        • Opcode ID: b74a3c793bce63fd3287ecdf9c99267635b26962f32db75fa19738fde18ddafd
                                                                        • Instruction ID: a0a6ef52c26ab5d4a2a010d99244e849a5362b380fe035aef843cf64b66cd91c
                                                                        • Opcode Fuzzy Hash: b74a3c793bce63fd3287ecdf9c99267635b26962f32db75fa19738fde18ddafd
                                                                        • Instruction Fuzzy Hash: 25311171A40215ABE300DF6AED46B5A77A4EB55714F14423FE804A73D0EFB86904CBA9
                                                                        Function 0040B280 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 70synchronizationCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • WaitForSingleObject.KERNEL32(?,?,?,?,?,00404417,000000FF,000000FF,?,?), ref: 0040B317
                                                                        • ResetEvent.KERNEL32(?,?,?,00404417,000000FF,000000FF,?,?), ref: 0040B32E
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: EventObjectResetSingleWait
                                                                        • String ID: NULL OOBE_Event_t object passed in WaitforEvent $OOBEEvents$OOBEUtils
                                                                        • API String ID: 3162950495-832234452
                                                                        • Opcode ID: c206187707b054cee0fab18e90408e3dcbedc60c60ed156cedcffc0df12259e5
                                                                        • Instruction ID: ed9a0f1cae05966dad16be02516542e9fa838564d8aed4eb53f716a594107257
                                                                        • Opcode Fuzzy Hash: c206187707b054cee0fab18e90408e3dcbedc60c60ed156cedcffc0df12259e5
                                                                        • Instruction Fuzzy Hash: C11108317802155BEB208B599C47B5A7748EB01B31F6407BBFC69E72D0CB65AC1046DC
                                                                        Function 00403E40 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 60COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: Event
                                                                        • String ID: NULL OOBE_Event_t object passed in SetEvnt $OOBEEvents$OOBEUtils$readDataCallBack : Setting event for read data callback
                                                                        • API String ID: 4201588131-2675428969
                                                                        • Opcode ID: 8d0fe7199531401063d2ff202e2e47731f7e3bb82e1b5197b15312e4f729c641
                                                                        • Instruction ID: 4701acb43a26968b7f86df0609fe2f1396b750fb55ec2d1e5461187ebc36528e
                                                                        • Opcode Fuzzy Hash: 8d0fe7199531401063d2ff202e2e47731f7e3bb82e1b5197b15312e4f729c641
                                                                        • Instruction Fuzzy Hash: 7101A532780224ABC6109B59EC42A5B7B5CEF65B137140077FA09A72D0CB7ABD508BED
                                                                        Function 00403EF0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 114COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • SetEvent.KERNEL32(?,018FB788,00000000,00000008,00000000,00497500,000000FF,?,004059AA), ref: 00403F86
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: Event
                                                                        • String ID: NULL OOBE_Event_t object passed in SetEvnt $OOBEEvents$OOBEUtils
                                                                        • API String ID: 4201588131-2429184316
                                                                        • Opcode ID: 5593ad2a507a23b0f7cd9ec3a726937450f1b810ed9e790710a49eada20f922d
                                                                        • Instruction ID: 925ded1f5c256d2d7ca2cb9baee336687e69f41301eaf6f7f9b06fcd4507b0e0
                                                                        • Opcode Fuzzy Hash: 5593ad2a507a23b0f7cd9ec3a726937450f1b810ed9e790710a49eada20f922d
                                                                        • Instruction Fuzzy Hash: 0E310270740602ABD708CF15CD95B5ABBA8FF45715F10023AE609A7AD0DB7DF9508B9C
                                                                        Function 0040BB70 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 98COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • std::locale::_Init.LIBCPMT ref: 0040BC81
                                                                          • Part of subcall function 0046B5AE: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,004C94C0,?,?,00468759,?,004C13D0,?), ref: 0046B60E
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: ExceptionInitRaisestd::locale::_
                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                        • API String ID: 2020603122-1866435925
                                                                        • Opcode ID: 02f188c2921aaeed174908c3ed2f8e321f5381dadfdf40a2248bed2df7ff2a08
                                                                        • Instruction ID: 1c84d52ffb255289c8c822d3fe868fb1937b2b01e66fc20b4b360ecd81d27cfb
                                                                        • Opcode Fuzzy Hash: 02f188c2921aaeed174908c3ed2f8e321f5381dadfdf40a2248bed2df7ff2a08
                                                                        • Instruction Fuzzy Hash: 923104B1900704BBD310DF55C806B96B7A4FB00718F10422FE8049BAC1E7BEB5548BDA
                                                                        Function 00401770 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 95COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • SetServiceStatus.ADVAPI32(004C8C64), ref: 00401821
                                                                        • GetLastError.KERNEL32 ref: 00401877
                                                                        Strings
                                                                        • ReportSvcStatus : Setting Service Status state to %d , xrefs: 00401800
                                                                        • ReportSvcStatus : Set Service Status returned Error %d, while setting state to %d , xrefs: 0040187E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorLastServiceStatus
                                                                        • String ID: ReportSvcStatus : Set Service Status returned Error %d, while setting state to %d $ReportSvcStatus : Setting Service Status state to %d
                                                                        • API String ID: 1547514316-586121575
                                                                        • Opcode ID: b1f02e58a53d84fc7e1140356b729e7ad3c4ef579053cb0ed929bf1a68765758
                                                                        • Instruction ID: 2a8e6345c1da827573bafa61699fe2058e0613da09c450c42f65518c3299f71e
                                                                        • Opcode Fuzzy Hash: b1f02e58a53d84fc7e1140356b729e7ad3c4ef579053cb0ed929bf1a68765758
                                                                        • Instruction Fuzzy Hash: 3431C1B1A40215AFE700DF5ADC85F5A7BA8EB04724F14417FF904A7391EF74AA008BA9
                                                                        Function 00414530 Relevance: 6.1, APIs: 4, Instructions: 112COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 004145A9
                                                                        • std::_Facet_Register.LIBCPMT ref: 0041461B
                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0041463D
                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00414660
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: std::_$LockitLockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                        • String ID:
                                                                        • API String ID: 2694047013-0
                                                                        • Opcode ID: 6201b34415790ecdc3c4312f4d7271bec7e3576b96991d2cb71848aa7408f576
                                                                        • Instruction ID: cab6b8252c7ea6f46c49d82a6c8e4df40f83147f90a4d45c9da3e1dc65de2ae0
                                                                        • Opcode Fuzzy Hash: 6201b34415790ecdc3c4312f4d7271bec7e3576b96991d2cb71848aa7408f576
                                                                        • Instruction Fuzzy Hash: 6A41DD728001499FCB10DF59C880AAEB7B5FB94324F24426ED905633A0EB38AD41CB9A
                                                                        Function 00404306 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 72COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                          • Part of subcall function 0041FA30: WaitForSingleObject.KERNEL32(00000008,000000FF,00000000,00000008,00405984,?,?,?,?,?,?,?,?,?,00000028), ref: 0041FB10
                                                                          • Part of subcall function 0041FA30: CloseHandle.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,00000028), ref: 0041FB19
                                                                        • CloseHandle.KERNEL32(00000000), ref: 004044EC
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CloseHandle$ObjectSingleWait
                                                                        • String ID: NULL OOBE_Event_t object passed in DestroyEvent $OOBEEvents$OOBEUtils
                                                                        • API String ID: 2079671238-3942007460
                                                                        • Opcode ID: 7ba2493474033c5fd607328ee864a22586e7fa76a4e717b6f850cbfa2510f76e
                                                                        • Instruction ID: aac3e4b64ef8bd33976eafc0c19c8d66d4ba662bde6bb840a130360140da2fc7
                                                                        • Opcode Fuzzy Hash: 7ba2493474033c5fd607328ee864a22586e7fa76a4e717b6f850cbfa2510f76e
                                                                        • Instruction Fuzzy Hash: 87212670B843109BCB20DF148C4675A3B58AF51B11F1404BFE9466B2C1DEBCA905C7AE
                                                                        Function 00404050 Relevance: 6.1, APIs: 4, Instructions: 69COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • DeleteCriticalSection.KERNEL32(00000000,00000000,00000008,?,?,004059AA), ref: 0040405B
                                                                        • DeleteCriticalSection.KERNEL32(00497733,?,?,004059AA), ref: 00404065
                                                                        • CoInitialize.OLE32(00000000), ref: 004040F5
                                                                        • CoUninitialize.OLE32(?,?,004059AA,?,?,?,?,?,?,?,?,?,?,?,?,00000028), ref: 00404103
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalDeleteSection$InitializeUninitialize
                                                                        • String ID:
                                                                        • API String ID: 161803370-0
                                                                        • Opcode ID: 1374b990ee36924d85f733176f9cff0057eba2b114e7e0308ad5df1b95475ba0
                                                                        • Instruction ID: 8dbd2ad74c855c1e3886fba8a0bf51dabcff8673f71024995de98868baa7c6da
                                                                        • Opcode Fuzzy Hash: 1374b990ee36924d85f733176f9cff0057eba2b114e7e0308ad5df1b95475ba0
                                                                        • Instruction Fuzzy Hash: EF11B2B16001416BD704EBA6DC49B59B7A8FF90319F10013AF309C7A90DBB9F964C7AA
                                                                        Function 0041FE90 Relevance: 5.4, APIs: 4, Instructions: 417COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • EnterCriticalSection.KERNEL32(?,?,?), ref: 0041FF5B
                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 0041FF65
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalSection$EnterLeave
                                                                        • String ID:
                                                                        • API String ID: 3168844106-0
                                                                        • Opcode ID: 8d4374fadd7b43dced5683e9704e2794f3d6c2d318b486cb43d93fc2591642e0
                                                                        • Instruction ID: bd9ddbb0fe4a3e6c369a6c316b03fe687d8d5a0e13e3211eb2381caa863402dd
                                                                        • Opcode Fuzzy Hash: 8d4374fadd7b43dced5683e9704e2794f3d6c2d318b486cb43d93fc2591642e0
                                                                        • Instruction Fuzzy Hash: BAF19B72A00218AFCF00DF98D880AAEBBF5FF48310F54456AF945A7352D735AD45CBA9
                                                                        Function 0046A7CB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                          • Part of subcall function 00402170: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,?,0040320B,?,?,?,?,\\.\pipe\,00000009,?,?), ref: 00402175
                                                                          • Part of subcall function 00402170: GetLastError.KERNEL32(?,00000000,00000000,?,0040320B,?,?,?,?,\\.\pipe\,00000009,?,?), ref: 0040217F
                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,0040120A), ref: 0046A7FE
                                                                        • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0040120A), ref: 0046A80D
                                                                        Strings
                                                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 0046A808
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2525762974.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000000.00000002.2525740439.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525833146.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525869280.00000000004C4000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525893681.00000000004C5000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2525915034.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526131732.00000000005E8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526187908.000000000065A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526213468.000000000065E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526237866.0000000000669000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526260782.000000000066C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526284409.0000000000673000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526321826.0000000000677000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526348625.0000000000680000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526376077.0000000000684000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526407770.00000000006B5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2526447639.00000000006B8000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                        • API String ID: 3511171328-631824599
                                                                        • Opcode ID: 00762af9e337a6805c8ac2cb9da72729d3ba67172526ae018d23e5fce0be16ff
                                                                        • Instruction ID: 855bd9d759665368c18885314bfe8a93a87ca15081f3247de167772f86f515d8
                                                                        • Opcode Fuzzy Hash: 00762af9e337a6805c8ac2cb9da72729d3ba67172526ae018d23e5fce0be16ff
                                                                        • Instruction Fuzzy Hash: 24E06D742007118BD3B0AF65E408B46BAE4AB15704F00887FE481E3681EBB8E8448FAA

                                                                        Executed Functions

                                                                        Function 027292CC Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 02729314
                                                                          • Part of subcall function 02729098: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 027290C1
                                                                          • Part of subcall function 02729098: VirtualFree.KERNELBASE(00000000,00000000,?), ref: 0272926D
                                                                        • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 02729366
                                                                        • VirtualProtect.KERNELBASE(0000002C,?,00000040,0000002C), ref: 027293C0
                                                                        • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 027293F3
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000003.2477238263.0000000002729000.00000040.00000400.00020000.00000000.sdmp, Offset: 026F0000, based on PE: true
                                                                        • Associated: 00000003.00000003.2485745924.00000000026F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_3_26f0000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: Virtual$Alloc$Free$Protect
                                                                        • String ID: ,
                                                                        • API String ID: 1004437363-3772416878
                                                                        • Opcode ID: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                                                        • Instruction ID: 8cf0b7fcc4ee631f96ffcb1d726fd91f30004b22ef2e972e70d0af48dbeaa199
                                                                        • Opcode Fuzzy Hash: 846e80d9192284de11e110977aaee4205ca63ec1a267e246cbf1a7208dcc7df3
                                                                        • Instruction Fuzzy Hash: 4E51FBB5900619EFDB21DFA9C884ADEBBF4FF08344F24851AEA59A7240D370E954CB94
                                                                        Function 02720BA2 Relevance: 7.7, APIs: 5, Instructions: 197COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000003.2485745924.00000000026F0000.00000040.00000400.00020000.00000000.sdmp, Offset: 026F0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_3_26f0000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: __freea$__alloca_probe_16
                                                                        • String ID:
                                                                        • API String ID: 3509577899-0
                                                                        • Opcode ID: ce54a3ffa3c206c14bffd427b210e19008eb060737d68032c1c5c0485f0d498a
                                                                        • Instruction ID: 1be3ccf982e4a017475ea14de79b25610700e68ccb5888e49213afb522280f90
                                                                        • Opcode Fuzzy Hash: ce54a3ffa3c206c14bffd427b210e19008eb060737d68032c1c5c0485f0d498a
                                                                        • Instruction Fuzzy Hash: 0C51E972601226AFEF225F66CC88EBB77AEDF54714B150129FD04E6150E736EC58CA70
                                                                        Function 02729098 Relevance: 2.7, APIs: 2, Instructions: 163memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 027290C1
                                                                        • VirtualFree.KERNELBASE(00000000,00000000,?), ref: 0272926D
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000003.2477238263.0000000002729000.00000040.00000400.00020000.00000000.sdmp, Offset: 026F0000, based on PE: true
                                                                        • Associated: 00000003.00000003.2485745924.00000000026F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_3_26f0000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: Virtual$AllocFree
                                                                        • String ID:
                                                                        • API String ID: 2087232378-0
                                                                        • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                        • Instruction ID: d7aefc89d4f347fa2e214709be6ae31493a9c9c6346dabca32ea6d78c15bb78b
                                                                        • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                        • Instruction Fuzzy Hash: 56718871A0425ADFDB41CF98C981BEEBBF0AB09314F284095E565FB241D334AA95CB64
                                                                        Function 02723D41 Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • LCMapStringEx.KERNELBASE(?,02720C92,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 02723D75
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000003.2485745924.00000000026F0000.00000040.00000400.00020000.00000000.sdmp, Offset: 026F0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_3_26f0000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: String
                                                                        • String ID:
                                                                        • API String ID: 2568140703-0
                                                                        • Opcode ID: 10bc98d3259c0532affc41d59a16c20285d6eba7c3521f133d09cd9432be7817
                                                                        • Instruction ID: 05516c75637a9f6b56fd9bc57e9b32989d448d9d6e604efd8a504f74cb3b956b
                                                                        • Opcode Fuzzy Hash: 10bc98d3259c0532affc41d59a16c20285d6eba7c3521f133d09cd9432be7817
                                                                        • Instruction Fuzzy Hash: C5F0643640022ABBCF126EA1DD089DE3F26EB487A1B058150FA1825120CB3AC931AB90
                                                                        Function 0271BEFA Relevance: 1.3, APIs: 1, Instructions: 86COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • VirtualFree.KERNELBASE(?,00000000,?), ref: 0271BFCE
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000003.2485745924.00000000026F0000.00000040.00000400.00020000.00000000.sdmp, Offset: 026F0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_3_26f0000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: FreeVirtual
                                                                        • String ID:
                                                                        • API String ID: 1263568516-0
                                                                        • Opcode ID: 52a73b2a073f67b209ad97b4d3969da0325ec8f4c5dead9ac1800fea3955179f
                                                                        • Instruction ID: f2fb694d0a3fbfad7730dea74e1e7b35ef25adce93bf46e4ad9ddd7db68aed1e
                                                                        • Opcode Fuzzy Hash: 52a73b2a073f67b209ad97b4d3969da0325ec8f4c5dead9ac1800fea3955179f
                                                                        • Instruction Fuzzy Hash: 9F310571E00209AFCB14CFA9D984BAEBBF8BF0A708F109429E955F7240D771A905CF95
                                                                        Function 0271BC80 Relevance: 1.3, APIs: 1, Instructions: 30COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • CloseHandle.KERNELBASE(00000000), ref: 0271BCC7
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000003.2485745924.00000000026F0000.00000040.00000400.00020000.00000000.sdmp, Offset: 026F0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_3_26f0000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CloseHandle
                                                                        • String ID:
                                                                        • API String ID: 2962429428-0
                                                                        • Opcode ID: a23069c58833451aab7bbb289d618986dc18b03b75e60f1caa3a037f0699dfe5
                                                                        • Instruction ID: 7edf0cfb60d4409a585535b7bfebde3cb08631df70b4dfc39247f0f6e4f9669d
                                                                        • Opcode Fuzzy Hash: a23069c58833451aab7bbb289d618986dc18b03b75e60f1caa3a037f0699dfe5
                                                                        • Instruction Fuzzy Hash: A1E0EDB5942612BBA3112A249E08D7B776CEF917423049824FE00E2200DF30D812CAB1

                                                                        Non-executed Functions

                                                                        Function 004029A0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 247COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: AdobeUpdateService$AdobeUpdateService: Process certificate didnt match to Adobe certificate!$main: Finished$main: Started
                                                                        • API String ID: 0-108484121
                                                                        • Opcode ID: b3500d050bb6cdf61eb27a6f39655ff4180bc88b106c65d246eddb0ba753381a
                                                                        • Instruction ID: aa4f7462551908f85693e87270aad57e37dee6bb7c79447cbb64f1a26d33a99d
                                                                        • Opcode Fuzzy Hash: b3500d050bb6cdf61eb27a6f39655ff4180bc88b106c65d246eddb0ba753381a
                                                                        • Instruction Fuzzy Hash: D491F870A002189FEB14DF65CD5ABAE7BB4EB04718F14417EE405B73C1EBB86A05CB99
                                                                        Function 02729277 Relevance: .0, Instructions: 35COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000003.2477238263.0000000002729000.00000040.00000400.00020000.00000000.sdmp, Offset: 026F0000, based on PE: true
                                                                        • Associated: 00000003.00000003.2485745924.00000000026F0000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_3_26f0000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                        • Instruction ID: 0702c00964a25cce612ec523691a73edf13d045c3bee0e9d71c9543598908412
                                                                        • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                        • Instruction Fuzzy Hash: C6F06275A00210CF8714DF0AC544D9677F6EB85714F7945A5D5049B221D3B0DD48CB50
                                                                        Function 0041F500 Relevance: 30.4, APIs: 11, Strings: 9, Instructions: 396sleepCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • EnterCriticalSection.KERNEL32(?,BB40E64E,?,00000008), ref: 0041F537
                                                                        • Sleep.KERNEL32(00000001), ref: 0041F53F
                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0041F585
                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0041F5C9
                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0041F646
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalSection$Leave$EnterSleep
                                                                        • String ID: CommBridge$Data size %i is larger than max buffer size, aborting write.$OOBEUtils$Out pipe handle is invalid, aborting write.$Pipe %p not initialized, aborting write.$Terminate channel$Writing data packet to pipe failed with error code %i$Writing info packet to pipe failed with error code %i$`J
                                                                        • API String ID: 4275215032-318403239
                                                                        • Opcode ID: 8abe9bf9aa2a41506b6c831e74ff08ca7d922cea81cd4335f7d1f82bf08bb469
                                                                        • Instruction ID: 357453fb2a3021c3316a4f80364e3140d53479557ee8387c2b372fbbb1bee486
                                                                        • Opcode Fuzzy Hash: 8abe9bf9aa2a41506b6c831e74ff08ca7d922cea81cd4335f7d1f82bf08bb469
                                                                        • Instruction Fuzzy Hash: F2E10770B40208ABDB00DF65DD4ABDE7BB5AF45700F24013AF806A72D1DB7CAA458B5D
                                                                        Function 004056B0 Relevance: 24.8, APIs: 4, Strings: 10, Instructions: 296sleepCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • Sleep.KERNEL32(000001F4,?,?,?,?,?,?,00000028), ref: 0040587F
                                                                          • Part of subcall function 0041FA30: WaitForSingleObject.KERNEL32(00000008,000000FF,00000000,00000008,00405984,?,?,?,?,?,?,?,?,?,00000028), ref: 0041FB10
                                                                          • Part of subcall function 0041FA30: CloseHandle.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,00000028), ref: 0041FB19
                                                                        Strings
                                                                        • Initializing Communication Channel with ACC with pipename: %s, xrefs: 00405862
                                                                        • CreateIPCChannel failed for pipe %s, xrefs: 004058D0
                                                                        • Failed in creating client thread, xrefs: 00405984
                                                                        • Failed in initial handshake with the client, xrefs: 004058F0
                                                                        • Sent communnication ID packet to the client, xrefs: 004056EF
                                                                        • Problem initializing Communication Channel. Quitting. Error code %d, xrefs: 004058A7
                                                                        • failed to create a new thread for ipc communications. Fatal Error, xrefs: 0040591A
                                                                        • thread failed to resumed. fatal error, xrefs: 0040594C
                                                                        • Successfully created the client thread, xrefs: 004059E8
                                                                        • Failed to sent communnication ID packet to the client, xrefs: 004059B9
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CloseHandleObjectSingleSleepWait
                                                                        • String ID: CreateIPCChannel failed for pipe %s$Failed in creating client thread$Failed in initial handshake with the client$Failed to sent communnication ID packet to the client$Initializing Communication Channel with ACC with pipename: %s$Problem initializing Communication Channel. Quitting. Error code %d$Sent communnication ID packet to the client$Successfully created the client thread$failed to create a new thread for ipc communications. Fatal Error$thread failed to resumed. fatal error
                                                                        • API String ID: 640476663-1070437462
                                                                        • Opcode ID: 68fa43ea2eba1087806099fb0bd63b4327f9badd3dddcdc44e0fb38c4a85424d
                                                                        • Instruction ID: dce432d37da255bfcb33f67ab20813508531a13952796c9d494c823ab279c1dd
                                                                        • Opcode Fuzzy Hash: 68fa43ea2eba1087806099fb0bd63b4327f9badd3dddcdc44e0fb38c4a85424d
                                                                        • Instruction Fuzzy Hash: F0A1D2B0A40615AFCB00DF65DC86B6E7BA4FF49704F10017AE505AB3D1DB78A914CB9A
                                                                        Function 00401A30 Relevance: 24.8, APIs: 5, Strings: 9, Instructions: 268synchronizationthreadCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • GetLastError.KERNEL32(00000000,00000001,?,00401A1C), ref: 00401AC7
                                                                          • Part of subcall function 00401770: SetServiceStatus.ADVAPI32(004C8C64), ref: 00401821
                                                                          • Part of subcall function 00401770: GetLastError.KERNEL32 ref: 00401877
                                                                        • CreateThread.KERNEL32(00000000,00000000,00401520,00000000,00000000,00000000), ref: 00401B0D
                                                                        • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,00401A1C), ref: 00401C91
                                                                        • ResetEvent.KERNEL32(?,?,?,?,?,?,?,?,00401A1C), ref: 00401C99
                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00401A1C), ref: 00401D13
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorLast$CloseCreateEventHandleObjectResetServiceSingleStatusThreadWait
                                                                        • String ID: NULL OOBE_Event_t object passed in DestroyEvent $NULL OOBE_Event_t object passed in WaitforEvent $OOBEEvents$OOBEUtils$SvcInit: Creat thread failed$SvcInit: Create thread successful$SvcInit: Finished$SvcInit: Now wating for the close signal$SvcInit: Started New
                                                                        • API String ID: 2548555128-2125176678
                                                                        • Opcode ID: fdb8e43f0c7796d05782fa09c5a4e7a52c29433dbb338b57c4b152e7f49b068c
                                                                        • Instruction ID: f73ab4652ae81edbc98d7fd2a5d95e0b0f6ab9935acceea9d8e153ccbd849a11
                                                                        • Opcode Fuzzy Hash: fdb8e43f0c7796d05782fa09c5a4e7a52c29433dbb338b57c4b152e7f49b068c
                                                                        • Instruction Fuzzy Hash: 9291D370B80315ABE710DB559D46B5E3BA4EB10B14F14017BF915B73D1EFB8A9008BAE
                                                                        Function 00427320 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 148fileCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PathFileExistsW.SHLWAPI(00000000,00000000,0040674D), ref: 0042732E
                                                                        • PathIsDirectoryW.SHLWAPI(00000000), ref: 00427347
                                                                        • DeleteFileW.KERNEL32(00000000,00000000,?), ref: 0042735A
                                                                        • GetLastError.KERNEL32 ref: 0042736C
                                                                        • GetFileAttributesW.KERNEL32(00000000), ref: 00427386
                                                                        • SetFileAttributesW.KERNEL32(00000000,00000080), ref: 00427420
                                                                        • DeleteFileW.KERNEL32(00000000), ref: 00427431
                                                                        • GetLastError.KERNEL32 ref: 00427456
                                                                        • GetLastError.KERNEL32 ref: 004274A6
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: File$ErrorLast$AttributesDeletePath$DirectoryExists
                                                                        • String ID: Failed to delete file: '%s' LastError:%d$File '%s' is with read-only. Its attribute is: '%d'. UnSetting its read-only attr and retry deleting$FileUtils$OOBEUtils
                                                                        • API String ID: 2466363971-4107796821
                                                                        • Opcode ID: 00b6d3bf9a951ad68e80268370d137a51b95931526897c450c14d293331eb804
                                                                        • Instruction ID: 1d99e2006965ff6694df6736826d9ecfdb84e75553d3c6a76360acde75f41734
                                                                        • Opcode Fuzzy Hash: 00b6d3bf9a951ad68e80268370d137a51b95931526897c450c14d293331eb804
                                                                        • Instruction Fuzzy Hash: 3341A530745221EBCA10DF19FD99A5A7B65FB85B01BA40477F80197290DB78BC90CBBD
                                                                        Function 00427AB0 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 182encryptionmemoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • WinVerifyTrust.WINTRUST(000000FF,?*@`J,?,BB40E64E,?,?), ref: 00427B84
                                                                        • WTHelperProvDataFromStateData.WINTRUST(00000000), ref: 00427B95
                                                                        • WTHelperGetProvSignerFromChain.WINTRUST(00000000,00000000,00000000,00000000), ref: 00427BAA
                                                                        • WTHelperGetProvCertFromChain.WINTRUST(00000000,00000000), ref: 00427BCA
                                                                        • CertGetNameStringW.CRYPT32(?,00000004,00000000,00000000,00000000,00000000), ref: 00427C07
                                                                        • LocalAlloc.KERNEL32(00000000), ref: 00427C22
                                                                        • CertGetNameStringW.CRYPT32(?,00000004,00000000,00000000,00000000,?), ref: 00427C41
                                                                        • LocalFree.KERNEL32(00000000,00000000,-00000002), ref: 00427C6A
                                                                        • WinVerifyTrust.WINTRUST(000000FF,00AAC56B,00000034), ref: 00427D07
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CertFromHelperProv$ChainDataLocalNameStringTrustVerify$AllocFreeSignerState
                                                                        • String ID: 4$?*@`J${|}
                                                                        • API String ID: 318076659-843163469
                                                                        • Opcode ID: 2b2f03a0b2219b9638c237f0a50e4636c7e99644d9adfce77a164d3a7e6bd346
                                                                        • Instruction ID: 07a7e49040c28470832a96e5ee50d6d3bb65460ac79225f476d81bb8c7a89be8
                                                                        • Opcode Fuzzy Hash: 2b2f03a0b2219b9638c237f0a50e4636c7e99644d9adfce77a164d3a7e6bd346
                                                                        • Instruction Fuzzy Hash: 69717BB0E00218AFEB14DFA5DD89B9EBBB8FB04314F10416EE515AB281DBB95944CF58
                                                                        Function 0041E190 Relevance: 19.8, APIs: 6, Strings: 7, Instructions: 309COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?), ref: 0041E231
                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0041E288
                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0041E2DC
                                                                        • EnterCriticalSection.KERNEL32(0036EE80), ref: 0041E302
                                                                        • LeaveCriticalSection.KERNEL32(0036EE80), ref: 0041E37D
                                                                        • LeaveCriticalSection.KERNEL32(00000009), ref: 0041F2F9
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalSection$Leave$Enter
                                                                        • String ID: CommBridge$Inside initCommBridge, creating pipe %s$OOBEUtils$Pipe already initialized.$Pipe name is empty.$Wrong pipe context passed %i.$\\.\pipe\
                                                                        • API String ID: 2978645861-1085201787
                                                                        • Opcode ID: 2741faf5fde62311bba358750df085c702bd52d97c66e27c1744663fa93f332a
                                                                        • Instruction ID: aaa71bcc0c1ad3f749e7ec319ae41c39833817b2d272478ea5ed4507fdbc246a
                                                                        • Opcode Fuzzy Hash: 2741faf5fde62311bba358750df085c702bd52d97c66e27c1744663fa93f332a
                                                                        • Instruction Fuzzy Hash: 5CA10134700300ABDB24DF66DC9AF9A77A8AB05701F14056FE905972D1DB78F990CBAE
                                                                        Function 004274E0 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 427fileCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PathFileExistsW.SHLWAPI(?,BB40E64E,?,00000000,?,?,?,00000000,0049994D,000000FF,?,00406D2F), ref: 0042751A
                                                                          • Part of subcall function 004270D0: PathRemoveFileSpecW.SHLWAPI(00000000,?,?,?,?,?,?,00000000,0049994D,000000FF), ref: 0042714C
                                                                          • Part of subcall function 00427260: PathFileExistsW.SHLWAPI(?,?,0040653E), ref: 0042726E
                                                                          • Part of subcall function 00427260: PathIsDirectoryW.SHLWAPI(?,?,0040653E), ref: 00427283
                                                                        • CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000000,0049994D,000000FF), ref: 004275CB
                                                                        • GetLastError.KERNEL32(?,?,00000000,0049994D,000000FF), ref: 004275E9
                                                                        • GetLastError.KERNEL32(?,?,00000000,0049994D,000000FF), ref: 00427637
                                                                        • SetFileAttributesW.KERNEL32(?,00000080,?,?,00000000,0049994D,000000FF), ref: 00427678
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: File$Path$ErrorExistsLast$AttributesCopyDirectoryRemoveSpec
                                                                        • String ID: Failed to copy file at the destination:'%s'. LastError: %d$FileUtils$OOBEUtils$Source file does not exist in CopyFileFromSourceToDestination
                                                                        • API String ID: 3678581443-2441349454
                                                                        • Opcode ID: 3b2b4e70207e77957e346cfaaefa40b7f30fec250b144c30194b88bdfa61c5ea
                                                                        • Instruction ID: 304be064ac5706b44c2d59a599f2d95f36f10b52853653852536ae88b2003d00
                                                                        • Opcode Fuzzy Hash: 3b2b4e70207e77957e346cfaaefa40b7f30fec250b144c30194b88bdfa61c5ea
                                                                        • Instruction Fuzzy Hash: DAE1F471F002249BCB14DF69ED85BAEB7B5FB45710F50422EE411A7390DB38AD41CBA9
                                                                        Function 0041F360 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 146filesleepCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?), ref: 0041F38A
                                                                        • GetLastError.KERNEL32(?,?,?,?,00000000,?,?,?), ref: 0041F39F
                                                                        • Sleep.KERNEL32(0000000A,?,?,?,?,00000000,?,?,?), ref: 0041F3B6
                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,00000000,?,?,?), ref: 0041F3CC
                                                                        • GetLastError.KERNEL32(?,?,?,?,00000000,?,?,?), ref: 0041F3D6
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorFileLastWrite$Sleep
                                                                        • String ID: CommBridge$Number of retries to write to pipe exhausted with last error = %lu. Aborting write on pipe %p$OOBEUtils$Write failed or else (No of bytes written > data). Aborting write on pipe %p , errno: %lu
                                                                        • API String ID: 2338600601-2345992799
                                                                        • Opcode ID: b8e0a7f11eae0cb03ddd70be310acbc4cd459f475ee6759fc557cd37cf45340b
                                                                        • Instruction ID: bbdbd7131a9a05eaf625d8743bffc745cebe138b644272fe07d0d675cb0cef45
                                                                        • Opcode Fuzzy Hash: b8e0a7f11eae0cb03ddd70be310acbc4cd459f475ee6759fc557cd37cf45340b
                                                                        • Instruction Fuzzy Hash: 13411635B00208BBDB10DFA69C42BBF7B68EB55721F1001BBF815A32C0DA746D4087A8
                                                                        Function 004163F0 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 155COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000000,?,00000000,00404D5E,?), ref: 00416418
                                                                        • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000001,00000000,00000000), ref: 004164B4
                                                                        • GetLastError.KERNEL32 ref: 004164CB
                                                                        • GetLastError.KERNEL32 ref: 0041651E
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: ByteCharErrorLastMultiWide
                                                                        • String ID: Error allocating memory while converting Native string to UTF8 string$Failed to convert WideCharToMultiByte. ErrorCode::%d$OOBEUtils$StringUtils
                                                                        • API String ID: 203985260-2236274340
                                                                        • Opcode ID: e39f2a51ba932da9826a003946e3c0e9b08f0d17437669bc90833129a53970bc
                                                                        • Instruction ID: 716146f1c0389004c4db2de1f4adde63d4e0a6c81021537d3ce57664b142a41d
                                                                        • Opcode Fuzzy Hash: e39f2a51ba932da9826a003946e3c0e9b08f0d17437669bc90833129a53970bc
                                                                        • Instruction Fuzzy Hash: 28417B3578031477DA20AF1AAC47FEA7794EB42B21F2400BBFD09632D0D9696D4487AD
                                                                        Function 00403C90 Relevance: 13.6, APIs: 2, Strings: 7, Instructions: 137sleepCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Strings
                                                                        • Failed to initiate communication, xrefs: 00403DCB
                                                                        • Initializing1 Connection Channel with Service with pipename: %s, xrefs: 00403CD0
                                                                        • Communication is open on the other pipe. Closing the static guid and re-opening for new clients..., xrefs: 00403DF4
                                                                        • Successfully initiated communication, xrefs: 00403DAA
                                                                        • Problem initializing Connection Channel. Quitting., xrefs: 00403D11
                                                                        • Success:Initializing Connection Channel with Service with pipename: %s, xrefs: 00403D73
                                                                        • Failed to create the connection channel, xrefs: 00403D34
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: Sleep
                                                                        • String ID: Communication is open on the other pipe. Closing the static guid and re-opening for new clients...$Failed to create the connection channel$Failed to initiate communication$Initializing1 Connection Channel with Service with pipename: %s$Problem initializing Connection Channel. Quitting.$Success:Initializing Connection Channel with Service with pipename: %s$Successfully initiated communication
                                                                        • API String ID: 3472027048-2173017273
                                                                        • Opcode ID: 6df400194c0d2eafb8ad463674300954c48552a7f74c4dd405dff45e14274271
                                                                        • Instruction ID: 5187b662ea0dd10bef7ca44164715a625855074a8d72d76878ed54e6067e5788
                                                                        • Opcode Fuzzy Hash: 6df400194c0d2eafb8ad463674300954c48552a7f74c4dd405dff45e14274271
                                                                        • Instruction Fuzzy Hash: 9141F170600200EFCB10DF19DC89B5A7BA8AF49705F1440BAE909BB3D1CB78ED44CBA9
                                                                        Function 00418B10 Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 330COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00418B88
                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00418BAF
                                                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00418C74
                                                                        • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00418C8E
                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00418D23
                                                                        • std::_Facet_Register.LIBCPMT ref: 00418D30
                                                                          • Part of subcall function 0046877A: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00468786
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: std::_$LockitLockit::~_$Locinfo::_$Facet_Locinfo_ctorLocinfo_dtorRegisterstd::invalid_argument::invalid_argument
                                                                        • String ID: bad locale name
                                                                        • API String ID: 1871079455-1405518554
                                                                        • Opcode ID: c6cdc14bd338eddc53a98ba7adfe9d068b301496e6a84cf03d0ab39cc8f10731
                                                                        • Instruction ID: 2b18787ee60dced21a1ee80d710d234eacb2e1acb53e15705c8ae09ecf607236
                                                                        • Opcode Fuzzy Hash: c6cdc14bd338eddc53a98ba7adfe9d068b301496e6a84cf03d0ab39cc8f10731
                                                                        • Instruction Fuzzy Hash: DBD16FB1E002189FDB00DFA5C984BDEBBB5BF58314F14406EE805A7391EB78AD45CB99
                                                                        Function 0271E841 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • type_info::operator==.LIBVCRUNTIME ref: 0271E960
                                                                        • ___TypeMatch.LIBVCRUNTIME ref: 0271EA6E
                                                                        • _UnwindNestedFrames.LIBCMT ref: 0271EBC0
                                                                        • CallUnexpected.LIBVCRUNTIME ref: 0271EBDB
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000003.2485745924.00000000026F0000.00000040.00000400.00020000.00000000.sdmp, Offset: 026F0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_3_26f0000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                        • String ID: csm$csm$csm
                                                                        • API String ID: 2751267872-393685449
                                                                        • Opcode ID: 679c8df3b9cc5b40052879ce9a865306b7a03438739323c0526db9ecb6daa195
                                                                        • Instruction ID: 026ee3a0dc55d5383797ec0955129b69c54f5fabbcb8c6ae38999d0d4b232918
                                                                        • Opcode Fuzzy Hash: 679c8df3b9cc5b40052879ce9a865306b7a03438739323c0526db9ecb6daa195
                                                                        • Instruction Fuzzy Hash: B3B15A71C00209EFCF29DFA8C885AAEBBB6FF04315B14455AEC026B255D731EA51CF92
                                                                        Function 004013E0 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 295COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • std::_Xinvalid_argument.LIBCPMT ref: 004013E5
                                                                          • Part of subcall function 0046873A: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00468746
                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00401519
                                                                        Strings
                                                                        • ServiceWorkerThread: Workflow Started, xrefs: 0040168F
                                                                        • ServiceWorkerThread: Started, xrefs: 004015A6
                                                                        • ServiceWorkerThread: Returning from the worker thread, xrefs: 0040173D
                                                                        • ServiceWorkerThread: Workflow Start Failed, xrefs: 004016D6
                                                                        • string too long, xrefs: 004013E0
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: Concurrency::cancel_current_taskXinvalid_argumentstd::_std::invalid_argument::invalid_argument
                                                                        • String ID: ServiceWorkerThread: Started$ ServiceWorkerThread: Workflow Start Failed$ ServiceWorkerThread: Workflow Started$ServiceWorkerThread: Returning from the worker thread$string too long
                                                                        • API String ID: 3990507346-493984609
                                                                        • Opcode ID: d82a602f60015f722318a5e5598d58ea829feccefa44ef9ae6b957b033f1123a
                                                                        • Instruction ID: 0de4d92833269bd46795cda1e8f9f860099c4cf613756acb1c3ca96f5a9e6a69
                                                                        • Opcode Fuzzy Hash: d82a602f60015f722318a5e5598d58ea829feccefa44ef9ae6b957b033f1123a
                                                                        • Instruction Fuzzy Hash: D0A13BB1A002059BE710DF69DC42B6EB7A4EF40314F24427FE815E73D1EB78994487DA
                                                                        Function 00401DB0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 145COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: NULL OOBE_Event_t object passed in SetEvnt $OOBEEvents$OOBEUtils$Receiveded SERVICE_CONTROL_STOP signal$ServiceCtrlHandler: Finished$ServiceCtrlHandler: Started
                                                                        • API String ID: 0-3825141419
                                                                        • Opcode ID: 6ca62fb21f9d5d796d1c64262897b507ae4cdca6753128363298717e489f106b
                                                                        • Instruction ID: 66e086e936243a972247da67edb77e0195688db155f0063ebd03624c2dfed7a4
                                                                        • Opcode Fuzzy Hash: 6ca62fb21f9d5d796d1c64262897b507ae4cdca6753128363298717e489f106b
                                                                        • Instruction Fuzzy Hash: 2D51C270A81215ABEB10DB15DD46B5E3BA4EB00B18F14017BF905B73D1EF78A9048BEE
                                                                        Function 004165A0 Relevance: 12.2, APIs: 4, Strings: 4, Instructions: 154COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,00000000,?,00000000,00000000,?,00404FB7,00000000,00000000,004B0CCA,00000000), ref: 004165BA
                                                                        • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,00000000), ref: 00416661
                                                                        • GetLastError.KERNEL32 ref: 00416678
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: ByteCharMultiWide$ErrorLast
                                                                        • String ID: Error allocating memory while converting UTF8 string to Native string$Failed to convert MultiByteToWideChar. ErrorCode::%d$OOBEUtils$StringUtils
                                                                        • API String ID: 1717984340-475419079
                                                                        • Opcode ID: 2ac2b592db3f9692cb7a5b3bc46003a3bf626419324c79dd5455d25ea0bdc311
                                                                        • Instruction ID: 607fb1377a63fdc9f035f0c432f6c8044d68b344f7ff51ac538f5213003713f8
                                                                        • Opcode Fuzzy Hash: 2ac2b592db3f9692cb7a5b3bc46003a3bf626419324c79dd5455d25ea0bdc311
                                                                        • Instruction Fuzzy Hash: D0418D35781214A7C620AF6AAC47FEB7358EB81B25F1401BBFD09A32D0DD69AD0046ED
                                                                        Function 00412610 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 169COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 004126EE
                                                                        • __Getctype.LIBCPMT ref: 00412707
                                                                        • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00412751
                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 004127EF
                                                                        • __Getwctype.LIBCPMT ref: 0041282A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: std::_$Locinfo::_$GetctypeGetwctypeLocinfo_ctorLocinfo_dtorLockitLockit::~_
                                                                        • String ID: bad locale name
                                                                        • API String ID: 201867346-1405518554
                                                                        • Opcode ID: 1af70972fbd8fd394261b7672b218bb29ee07418f61f38ba363869a3bb34d789
                                                                        • Instruction ID: fb01a51910be7c6eaa99b540ff2eac30bca8d6a60054ec657d3f721683236568
                                                                        • Opcode Fuzzy Hash: 1af70972fbd8fd394261b7672b218bb29ee07418f61f38ba363869a3bb34d789
                                                                        • Instruction Fuzzy Hash: 525193B1C003589BEB10DFA5C945BDAB7B4BF14314F14826ED848E7341EB78EA94CB66
                                                                        Function 0271D940 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • _ValidateLocalCookies.LIBCMT ref: 0271D977
                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 0271D97F
                                                                        • _ValidateLocalCookies.LIBCMT ref: 0271DA08
                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 0271DA33
                                                                        • _ValidateLocalCookies.LIBCMT ref: 0271DA88
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000003.2485745924.00000000026F0000.00000040.00000400.00020000.00000000.sdmp, Offset: 026F0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_3_26f0000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                        • String ID: csm
                                                                        • API String ID: 1170836740-1018135373
                                                                        • Opcode ID: 85c7d133584be83de479e562e700ed0b46457fa967baf4f36f115b1d8bd77481
                                                                        • Instruction ID: 34d52a99fa1acae33490fdcc28e529104ad7d278f176a0db79c84e5ae794adfd
                                                                        • Opcode Fuzzy Hash: 85c7d133584be83de479e562e700ed0b46457fa967baf4f36f115b1d8bd77481
                                                                        • Instruction Fuzzy Hash: 8341B334A002199FCF21DF6CC888AAEBFB6EF45318F148195E8196B395D731DA15CF91
                                                                        Function 0041FA30 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 77synchronizationCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • WaitForSingleObject.KERNEL32(00000008,000000FF,00000000,00000008,00405984,?,?,?,?,?,?,?,?,?,00000028), ref: 0041FB10
                                                                        • CloseHandle.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,00000028), ref: 0041FB19
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CloseHandleObjectSingleWait
                                                                        • String ID: All pipes closed properly.$CommBridge$Inside closeBridge$OOBEUtils
                                                                        • API String ID: 528846559-1211123791
                                                                        • Opcode ID: 1f3c2fab79f574a5bc492b236c571b4ebadb7da9787cdc0bcc3f81ec269f5a84
                                                                        • Instruction ID: c28e8b6ec9cc632472ca235f45b3f8d0a108cff224a1436875239388707932b2
                                                                        • Opcode Fuzzy Hash: 1f3c2fab79f574a5bc492b236c571b4ebadb7da9787cdc0bcc3f81ec269f5a84
                                                                        • Instruction Fuzzy Hash: 3421D330B40321A7CA20EF268C56F873B54AF12F11F240577B806A72D0CEACF99187AD
                                                                        Function 0048857A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • FreeLibrary.KERNEL32(00000000,?,00488689,0040B377,?,00000000,?,?,?,004888B3,00000022,FlsSetValue,004A3F04,004A3F0C,?), ref: 0048863B
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: FreeLibrary
                                                                        • String ID: api-ms-$ext-ms-
                                                                        • API String ID: 3664257935-537541572
                                                                        • Opcode ID: 11c0850fd9dd82efe467599ba98e49e0b0b665d46b4f2ea3fd8847a1b3d20761
                                                                        • Instruction ID: 0d18bb84f8fc76a6c3da93e18ff47703567a800fd64ff94e1cc0b507c8cbf4c8
                                                                        • Opcode Fuzzy Hash: 11c0850fd9dd82efe467599ba98e49e0b0b665d46b4f2ea3fd8847a1b3d20761
                                                                        • Instruction Fuzzy Hash: 2C21C331A01221ABCB21AB259C41A9F37589B51760F64096BE906B7390EF38ED00CBDD
                                                                        Function 00427260 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 70COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PathFileExistsW.SHLWAPI(?,?,0040653E), ref: 0042726E
                                                                        • PathIsDirectoryW.SHLWAPI(?,?,0040653E), ref: 00427283
                                                                        • SHCreateDirectoryExW.SHELL32(00000000,?,00000000,?,?,0040653E), ref: 0042729D
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: DirectoryPath$CreateExistsFile
                                                                        • String ID: FileUtils$OOBEUtils$SHCreateDirectoryEx failed. Error: %d
                                                                        • API String ID: 3984196470-716391998
                                                                        • Opcode ID: e2f3c0152dea6573d78a5f9b5d09177c3ec5f57044b8f182ed452466184478f4
                                                                        • Instruction ID: 1c360898109e8edf91c6b2f0d6b286c19c2d4d721b312238894a1274079c5597
                                                                        • Opcode Fuzzy Hash: e2f3c0152dea6573d78a5f9b5d09177c3ec5f57044b8f182ed452466184478f4
                                                                        • Instruction Fuzzy Hash: F0119B3174522097CA249B55BD4AF4B3758AFC2F51B5504ABFC4557391CA68AC40CABC
                                                                        Function 004151D0 Relevance: 10.6, APIs: 7, Instructions: 50COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • CloseHandle.KERNEL32(00000000,?,00414C7F,?), ref: 004151DB
                                                                        • DestroyEnvironmentBlock.USERENV(00000000,?,00414C7F,?), ref: 004151E9
                                                                        • CloseHandle.KERNEL32(00000000,?,00414C7F,?), ref: 004151F7
                                                                        • CloseHandle.KERNEL32(00000000,?,00414C7F,?), ref: 00415205
                                                                        • CloseHandle.KERNEL32(00000000,?,00414C7F,?), ref: 00415212
                                                                        • CloseHandle.KERNEL32(?,?,00414C7F,?), ref: 00415226
                                                                        • CloseHandle.KERNEL32(00000000,?,00414C7F,?), ref: 0041523F
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CloseHandle$BlockDestroyEnvironment
                                                                        • String ID:
                                                                        • API String ID: 1096182194-0
                                                                        • Opcode ID: e2e22a70dbd95b21f456f59282a0213a811955f47d7c623cdfc0833d9dcf18cc
                                                                        • Instruction ID: 34402626d38a9728df7e9b11658db42f6f8f7e161e27eba0645d41ce3f5bf331
                                                                        • Opcode Fuzzy Hash: e2e22a70dbd95b21f456f59282a0213a811955f47d7c623cdfc0833d9dcf18cc
                                                                        • Instruction Fuzzy Hash: 5501D371B00B11EBDB209F76EC48B9777ECBF54B41304493AB956E3650EA78E8408A69
                                                                        Function 0041FB30 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 84COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • CloseHandle.KERNEL32(?,?,?,0041FAA0,00000000,00000008,00405984), ref: 0041FBA7
                                                                        • CloseHandle.KERNEL32(00000000,?,?,0041FAA0,00000000,00000008,00405984), ref: 0041FC27
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CloseHandle
                                                                        • String ID: Closing inPipe %p$Closing outPipe %p$CommBridge$OOBEUtils
                                                                        • API String ID: 2962429428-1143323105
                                                                        • Opcode ID: 2a3135dafd0f9304286105df91380c5b5f1a53f32146d0c127ed63ac37bcf816
                                                                        • Instruction ID: 0f7ac151626cc6776e72673ec142dc1ae90cb188b2ca2df04446cdc6e3645632
                                                                        • Opcode Fuzzy Hash: 2a3135dafd0f9304286105df91380c5b5f1a53f32146d0c127ed63ac37bcf816
                                                                        • Instruction Fuzzy Hash: C421F630740311A7CA20EF259D66F9B3654BB41B00F14017BF912A72E1CBACBD5286ED
                                                                        Function 004018B0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 106registryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RegisterServiceCtrlHandlerW.ADVAPI32(AdobeUpdateService,00401DB0), ref: 00401942
                                                                        • GetLastError.KERNEL32 ref: 004019A0
                                                                          • Part of subcall function 00401770: SetServiceStatus.ADVAPI32(004C8C64), ref: 00401821
                                                                          • Part of subcall function 00401770: GetLastError.KERNEL32 ref: 00401877
                                                                          • Part of subcall function 00401A30: GetLastError.KERNEL32(00000000,00000001,?,00401A1C), ref: 00401AC7
                                                                        Strings
                                                                        • AdobeUpdateService, xrefs: 0040193D
                                                                        • ServiceMain: Failed to register the service with Register Service Control Handler with %d, xrefs: 004019A7
                                                                        • ServiceMain: Started, xrefs: 00401922
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorLast$Service$CtrlHandlerRegisterStatus
                                                                        • String ID: AdobeUpdateService$ServiceMain: Failed to register the service with Register Service Control Handler with %d$ServiceMain: Started
                                                                        • API String ID: 125077777-3162937321
                                                                        • Opcode ID: b74a3c793bce63fd3287ecdf9c99267635b26962f32db75fa19738fde18ddafd
                                                                        • Instruction ID: a0a6ef52c26ab5d4a2a010d99244e849a5362b380fe035aef843cf64b66cd91c
                                                                        • Opcode Fuzzy Hash: b74a3c793bce63fd3287ecdf9c99267635b26962f32db75fa19738fde18ddafd
                                                                        • Instruction Fuzzy Hash: 25311171A40215ABE300DF6AED46B5A77A4EB55714F14423FE804A73D0EFB86904CBA9
                                                                        Function 0040B280 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 70synchronizationCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • WaitForSingleObject.KERNEL32(?,?,?,?,?,00404417,000000FF,000000FF,?,?), ref: 0040B317
                                                                        • ResetEvent.KERNEL32(?,?,?,00404417,000000FF,000000FF,?,?), ref: 0040B32E
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: EventObjectResetSingleWait
                                                                        • String ID: NULL OOBE_Event_t object passed in WaitforEvent $OOBEEvents$OOBEUtils
                                                                        • API String ID: 3162950495-832234452
                                                                        • Opcode ID: c206187707b054cee0fab18e90408e3dcbedc60c60ed156cedcffc0df12259e5
                                                                        • Instruction ID: ed9a0f1cae05966dad16be02516542e9fa838564d8aed4eb53f716a594107257
                                                                        • Opcode Fuzzy Hash: c206187707b054cee0fab18e90408e3dcbedc60c60ed156cedcffc0df12259e5
                                                                        • Instruction Fuzzy Hash: C11108317802155BEB208B599C47B5A7748EB01B31F6407BBFC69E72D0CB65AC1046DC
                                                                        Function 00403E40 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 60COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: Event
                                                                        • String ID: NULL OOBE_Event_t object passed in SetEvnt $OOBEEvents$OOBEUtils$readDataCallBack : Setting event for read data callback
                                                                        • API String ID: 4201588131-2675428969
                                                                        • Opcode ID: 8d0fe7199531401063d2ff202e2e47731f7e3bb82e1b5197b15312e4f729c641
                                                                        • Instruction ID: 4701acb43a26968b7f86df0609fe2f1396b750fb55ec2d1e5461187ebc36528e
                                                                        • Opcode Fuzzy Hash: 8d0fe7199531401063d2ff202e2e47731f7e3bb82e1b5197b15312e4f729c641
                                                                        • Instruction Fuzzy Hash: 7101A532780224ABC6109B59EC42A5B7B5CEF65B137140077FA09A72D0CB7ABD508BED
                                                                        Function 00403EF0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 114COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • SetEvent.KERNEL32(?,BB40E64E,00000000,00000008,00000000,00497500,000000FF,?,004059AA), ref: 00403F86
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: Event
                                                                        • String ID: NULL OOBE_Event_t object passed in SetEvnt $OOBEEvents$OOBEUtils
                                                                        • API String ID: 4201588131-2429184316
                                                                        • Opcode ID: 5593ad2a507a23b0f7cd9ec3a726937450f1b810ed9e790710a49eada20f922d
                                                                        • Instruction ID: 925ded1f5c256d2d7ca2cb9baee336687e69f41301eaf6f7f9b06fcd4507b0e0
                                                                        • Opcode Fuzzy Hash: 5593ad2a507a23b0f7cd9ec3a726937450f1b810ed9e790710a49eada20f922d
                                                                        • Instruction Fuzzy Hash: 0E310270740602ABD708CF15CD95B5ABBA8FF45715F10023AE609A7AD0DB7DF9508B9C
                                                                        Function 0040BB70 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 98COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • std::locale::_Init.LIBCPMT ref: 0040BC81
                                                                          • Part of subcall function 0046B5AE: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,004C94C0,?,?,00468759,?,004C13D0,?), ref: 0046B60E
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: ExceptionInitRaisestd::locale::_
                                                                        • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                        • API String ID: 2020603122-1866435925
                                                                        • Opcode ID: 02f188c2921aaeed174908c3ed2f8e321f5381dadfdf40a2248bed2df7ff2a08
                                                                        • Instruction ID: 1c84d52ffb255289c8c822d3fe868fb1937b2b01e66fc20b4b360ecd81d27cfb
                                                                        • Opcode Fuzzy Hash: 02f188c2921aaeed174908c3ed2f8e321f5381dadfdf40a2248bed2df7ff2a08
                                                                        • Instruction Fuzzy Hash: 923104B1900704BBD310DF55C806B96B7A4FB00718F10422FE8049BAC1E7BEB5548BDA
                                                                        Function 00401770 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 95COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • SetServiceStatus.ADVAPI32(004C8C64), ref: 00401821
                                                                        • GetLastError.KERNEL32 ref: 00401877
                                                                        Strings
                                                                        • ReportSvcStatus : Set Service Status returned Error %d, while setting state to %d , xrefs: 0040187E
                                                                        • ReportSvcStatus : Setting Service Status state to %d , xrefs: 00401800
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorLastServiceStatus
                                                                        • String ID: ReportSvcStatus : Set Service Status returned Error %d, while setting state to %d $ReportSvcStatus : Setting Service Status state to %d
                                                                        • API String ID: 1547514316-586121575
                                                                        • Opcode ID: b1f02e58a53d84fc7e1140356b729e7ad3c4ef579053cb0ed929bf1a68765758
                                                                        • Instruction ID: 2a8e6345c1da827573bafa61699fe2058e0613da09c450c42f65518c3299f71e
                                                                        • Opcode Fuzzy Hash: b1f02e58a53d84fc7e1140356b729e7ad3c4ef579053cb0ed929bf1a68765758
                                                                        • Instruction Fuzzy Hash: 3431C1B1A40215AFE700DF5ADC85F5A7BA8EB04724F14417FF904A7391EF74AA008BA9
                                                                        Function 0271E5EA Relevance: 6.2, APIs: 4, Instructions: 168COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000003.2485745924.00000000026F0000.00000040.00000400.00020000.00000000.sdmp, Offset: 026F0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_3_26f0000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: AdjustPointer
                                                                        • String ID:
                                                                        • API String ID: 1740715915-0
                                                                        • Opcode ID: 5ee7c5e5f8da7dbb4769853432be8e9639947bc040a915ea2301443e17dcda3b
                                                                        • Instruction ID: 5d121e18fc631905fb7389e44004700f56c25cfeda274909cfe82a93111444ef
                                                                        • Opcode Fuzzy Hash: 5ee7c5e5f8da7dbb4769853432be8e9639947bc040a915ea2301443e17dcda3b
                                                                        • Instruction Fuzzy Hash: 9C510272A01307AFEB2A8F1CD884BBAB7A5FF44714F14452DEE0657291E771E841CB90
                                                                        Function 00414530 Relevance: 6.1, APIs: 4, Instructions: 112COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 004145A9
                                                                        • std::_Facet_Register.LIBCPMT ref: 0041461B
                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 0041463D
                                                                        • Concurrency::cancel_current_task.LIBCPMT ref: 00414660
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: std::_$LockitLockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                        • String ID:
                                                                        • API String ID: 2694047013-0
                                                                        • Opcode ID: 6201b34415790ecdc3c4312f4d7271bec7e3576b96991d2cb71848aa7408f576
                                                                        • Instruction ID: cab6b8252c7ea6f46c49d82a6c8e4df40f83147f90a4d45c9da3e1dc65de2ae0
                                                                        • Opcode Fuzzy Hash: 6201b34415790ecdc3c4312f4d7271bec7e3576b96991d2cb71848aa7408f576
                                                                        • Instruction Fuzzy Hash: 6A41DD728001499FCB10DF59C880AAEB7B5FB94324F24426ED905633A0EB38AD41CB9A
                                                                        Function 00404306 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 72COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                          • Part of subcall function 0041FA30: WaitForSingleObject.KERNEL32(00000008,000000FF,00000000,00000008,00405984,?,?,?,?,?,?,?,?,?,00000028), ref: 0041FB10
                                                                          • Part of subcall function 0041FA30: CloseHandle.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,00000028), ref: 0041FB19
                                                                        • CloseHandle.KERNEL32(00000000), ref: 004044EC
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CloseHandle$ObjectSingleWait
                                                                        • String ID: NULL OOBE_Event_t object passed in DestroyEvent $OOBEEvents$OOBEUtils
                                                                        • API String ID: 2079671238-3942007460
                                                                        • Opcode ID: 5c219722a74bdcf376fd9fa41f2f155d8035202931b6f5e995a1e5a29a9561a8
                                                                        • Instruction ID: aac3e4b64ef8bd33976eafc0c19c8d66d4ba662bde6bb840a130360140da2fc7
                                                                        • Opcode Fuzzy Hash: 5c219722a74bdcf376fd9fa41f2f155d8035202931b6f5e995a1e5a29a9561a8
                                                                        • Instruction Fuzzy Hash: 87212670B843109BCB20DF148C4675A3B58AF51B11F1404BFE9466B2C1DEBCA905C7AE
                                                                        Function 00404050 Relevance: 6.1, APIs: 4, Instructions: 69COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • DeleteCriticalSection.KERNEL32(00000000,00000000,00000008,?,?,004059AA), ref: 0040405B
                                                                        • DeleteCriticalSection.KERNEL32(00497733,?,?,004059AA), ref: 00404065
                                                                        • CoInitialize.OLE32(00000000,?,?,004059AA), ref: 004040F5
                                                                        • CoUninitialize.OLE32(?,?,004059AA,?,?,?,?,?,?,?,?,?,?,?,?,00000028), ref: 00404103
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalDeleteSection$InitializeUninitialize
                                                                        • String ID:
                                                                        • API String ID: 161803370-0
                                                                        • Opcode ID: 1374b990ee36924d85f733176f9cff0057eba2b114e7e0308ad5df1b95475ba0
                                                                        • Instruction ID: 8dbd2ad74c855c1e3886fba8a0bf51dabcff8673f71024995de98868baa7c6da
                                                                        • Opcode Fuzzy Hash: 1374b990ee36924d85f733176f9cff0057eba2b114e7e0308ad5df1b95475ba0
                                                                        • Instruction Fuzzy Hash: EF11B2B16001416BD704EBA6DC49B59B7A8FF90319F10013AF309C7A90DBB9F964C7AA
                                                                        Function 0271DE91 Relevance: 6.1, APIs: 4, Instructions: 60COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0271DEAD
                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0271DEC6
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000003.2485745924.00000000026F0000.00000040.00000400.00020000.00000000.sdmp, Offset: 026F0000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_3_26f0000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: Value___vcrt_
                                                                        • String ID:
                                                                        • API String ID: 1426506684-0
                                                                        • Opcode ID: 6d826dbd85156b7f09bb2bfc0a089c77bd4bac6f7f73111664da0460c571a1d3
                                                                        • Instruction ID: 24892231cac678385086b9ea73182c15be86d482707382f8ce0228ab2302dec1
                                                                        • Opcode Fuzzy Hash: 6d826dbd85156b7f09bb2bfc0a089c77bd4bac6f7f73111664da0460c571a1d3
                                                                        • Instruction Fuzzy Hash: 910128325483129EA736357C6C8D5662799DF52675B200329E524510D0EF214855AF80
                                                                        Function 0046A3FC Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 0046A40E
                                                                        • GetCurrentThreadId.KERNEL32 ref: 0046A41D
                                                                        • GetCurrentProcessId.KERNEL32 ref: 0046A426
                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 0046A433
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                        • String ID:
                                                                        • API String ID: 2933794660-0
                                                                        • Opcode ID: ac1283240fa4666ab2caaaff0c877bff52670fbfcb2ac06dcdcff882bb556bcf
                                                                        • Instruction ID: e4e9c80c65a6a08ef3cfff89654f3def58ef4d81fe7765c738179de465d37d3f
                                                                        • Opcode Fuzzy Hash: ac1283240fa4666ab2caaaff0c877bff52670fbfcb2ac06dcdcff882bb556bcf
                                                                        • Instruction Fuzzy Hash: 50F05F71C10209EBCB04DBB5DA49A9EBBF8EF28305F5148A69412E7150E774AB049F55
                                                                        Function 0041FE90 Relevance: 5.4, APIs: 4, Instructions: 417COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • EnterCriticalSection.KERNEL32(?,?,?), ref: 0041FF5B
                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 0041FF65
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalSection$EnterLeave
                                                                        • String ID:
                                                                        • API String ID: 3168844106-0
                                                                        • Opcode ID: 8d4374fadd7b43dced5683e9704e2794f3d6c2d318b486cb43d93fc2591642e0
                                                                        • Instruction ID: bd9ddbb0fe4a3e6c369a6c316b03fe687d8d5a0e13e3211eb2381caa863402dd
                                                                        • Opcode Fuzzy Hash: 8d4374fadd7b43dced5683e9704e2794f3d6c2d318b486cb43d93fc2591642e0
                                                                        • Instruction Fuzzy Hash: BAF19B72A00218AFCF00DF98D880AAEBBF5FF48310F54456AF945A7352D735AD45CBA9
                                                                        Function 0046A7CB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                          • Part of subcall function 00402170: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,?,0040320B,?,?,?,?,\\.\pipe\,00000009,?,?), ref: 00402175
                                                                          • Part of subcall function 00402170: GetLastError.KERNEL32(?,00000000,00000000,?,0040320B,?,?,?,?,\\.\pipe\,00000009,?,?), ref: 0040217F
                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,0040120A), ref: 0046A7FE
                                                                        • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0040120A), ref: 0046A80D
                                                                        Strings
                                                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 0046A808
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.2510648715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                        • Associated: 00000003.00000002.2510627325.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510728464.000000000049E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510766478.00000000004C4000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000004CA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000552000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000056C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000005A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.000000000065A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000669000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000673000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.0000000000680000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000003.00000002.2510792731.00000000006B5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_isWLAjve0K.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                        • API String ID: 3511171328-631824599
                                                                        • Opcode ID: 00762af9e337a6805c8ac2cb9da72729d3ba67172526ae018d23e5fce0be16ff
                                                                        • Instruction ID: 855bd9d759665368c18885314bfe8a93a87ca15081f3247de167772f86f515d8
                                                                        • Opcode Fuzzy Hash: 00762af9e337a6805c8ac2cb9da72729d3ba67172526ae018d23e5fce0be16ff
                                                                        • Instruction Fuzzy Hash: 24E06D742007118BD3B0AF65E408B46BAE4AB15704F00887FE481E3681EBB8E8448FAA

                                                                        Executed Functions

                                                                        Function 006202D8 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 169memoryfileCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 00620326
                                                                          • Part of subcall function 006200A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 006200CD
                                                                          • Part of subcall function 006200A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00620279
                                                                        • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 00620378
                                                                        • VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 006203E7
                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00620407
                                                                        • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 0062042E
                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 00620456
                                                                        • CloseHandle.KERNELBASE(?), ref: 00620471
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000003.2486033245.0000000000620000.00000040.00000001.00020000.00000000.sdmp, Offset: 00620000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_3_620000_svchost.jbxd
                                                                        Similarity
                                                                        • API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
                                                                        • String ID: ,
                                                                        • API String ID: 3867569247-3772416878
                                                                        • Opcode ID: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                        • Instruction ID: 211c139d61de0b6318f86fa855e637cd9666c09fda6554686959adc83ed40a7b
                                                                        • Opcode Fuzzy Hash: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                        • Instruction Fuzzy Hash: 74610CB1900619EFDB10DFA5C884ADEBBF9FF08350F14C529EA59A7241D730A941CF60
                                                                        Function 006200A4 Relevance: 2.7, APIs: 2, Instructions: 163memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 006200CD
                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00620279
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000003.2486033245.0000000000620000.00000040.00000001.00020000.00000000.sdmp, Offset: 00620000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_3_620000_svchost.jbxd
                                                                        Similarity
                                                                        • API ID: Virtual$AllocFree
                                                                        • String ID:
                                                                        • API String ID: 2087232378-0
                                                                        • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                        • Instruction ID: 30cd5536be68b42f4f15ef459f33b7125f3e9de3b5dd1a9c657e75bdef61b419
                                                                        • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                        • Instruction Fuzzy Hash: CE71CB71E0565ADFEB41CF98D885BEDBBF1AF08314F244096E461FB242C234AA91DF64

                                                                        Execution Graph

                                                                        Execution Coverage:33.4%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:83.3%
                                                                        Total number of Nodes:24
                                                                        Total number of Limit Nodes:0
                                                                        execution_graph 415 27fa5171cf4 417 27fa5171d19 415->417 416 27fa5171fa1 417->416 426 27fa51715c0 417->426 419 27fa5171f98 CloseHandle 419->416 420 27fa5171f88 NtAcceptConnectPort 420->419 421 27fa5171e3a 421->419 421->420 422 27fa5171ecd 421->422 429 27fa5170ac8 421->429 422->422 435 27fa5171aa4 NtAcceptConnectPort 422->435 428 27fa51715f4 NtAcceptConnectPort 426->428 428->421 430 27fa5170c62 429->430 431 27fa5170ae8 429->431 430->422 431->430 431->431 432 27fa5170be8 NtAcceptConnectPort 431->432 432->430 433 27fa5170c1b 432->433 433->430 434 27fa5170c33 NtAcceptConnectPort 433->434 434->430 436 27fa5171c04 435->436 437 27fa5171af7 435->437 436->420 441 27fa5171870 437->441 439 27fa5171b10 440 27fa5171bb6 NtAcceptConnectPort 439->440 440->436 443 27fa5171889 441->443 442 27fa5171949 442->439 443->442 444 27fa5171930 GetProcessMitigationPolicy 443->444 444->442

                                                                        Callgraph

                                                                        Executed Functions

                                                                        Function 0000027FA5171CF4 Relevance: 3.3, APIs: 2, Instructions: 278nativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.2722478374.0000027FA5170000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000027FA5170000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_27fa5170000_fontdrvhost.jbxd
                                                                        Similarity
                                                                        • API ID: AcceptCloseConnectHandlePort
                                                                        • String ID:
                                                                        • API String ID: 3811980168-0
                                                                        • Opcode ID: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                        • Instruction ID: 39c716da7a3c551d7b07a3df46ebc3b34cb848947fc7c34cd1e0fe880fe316f3
                                                                        • Opcode Fuzzy Hash: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                        • Instruction Fuzzy Hash: 0D91B33054CE188FD7A4EB1CC5897F573E1FB98320F14466AD49FC7296EA34A9468B81
                                                                        Function 0000027FA5170AC8 Relevance: 3.2, APIs: 2, Instructions: 185nativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.2722478374.0000027FA5170000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000027FA5170000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_27fa5170000_fontdrvhost.jbxd
                                                                        Similarity
                                                                        • API ID: AcceptConnectPort
                                                                        • String ID:
                                                                        • API String ID: 1658770261-0
                                                                        • Opcode ID: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
                                                                        • Instruction ID: 28e9af8d018bfdd34021f4f074d9970ff4d0c9e23b264043d288d4de736c3bf6
                                                                        • Opcode Fuzzy Hash: 275693e7d66e5d53f7e2184dfa7c88ce453f9d9d0d3e8ba4525500231a394657
                                                                        • Instruction Fuzzy Hash: D351263451CA650AE36CA63C88D9679B7E4F781315F3405AED0FBC7193E924C6478F82
                                                                        Function 0000027FA5171AA4 Relevance: 3.2, APIs: 2, Instructions: 150nativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.2722478374.0000027FA5170000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000027FA5170000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_27fa5170000_fontdrvhost.jbxd
                                                                        Similarity
                                                                        • API ID: AcceptConnectPort$MitigationPolicyProcess
                                                                        • String ID:
                                                                        • API String ID: 2923266908-0
                                                                        • Opcode ID: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
                                                                        • Instruction ID: 61e154264fb6502c0b3088b23cb382cf22e2c753a5cff81b41b008bf71b190f6
                                                                        • Opcode Fuzzy Hash: e7c877b781110a0d6e647df344fb2e40eb660a4b7f668a210715c22aed20397b
                                                                        • Instruction Fuzzy Hash: 3E41D03020CB488FDB84DF2C98897A57B91EB55320F0443AEE85ECB2D7DA34C9458B95
                                                                        Function 0000027FA51715C0 Relevance: 1.6, APIs: 1, Instructions: 76nativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 118 27fa51715c0-27fa51715f2 119 27fa51715f4-27fa51715f7 118->119 120 27fa51715f9-27fa51715fb 118->120 121 27fa517161f-27fa517166d NtAcceptConnectPort 119->121 122 27fa51715fd-27fa5171609 120->122 123 27fa517160b-27fa517160d 120->123 122->121 124 27fa517160f-27fa517161b 123->124 125 27fa517161d 123->125 124->121 125->121
                                                                        APIs
                                                                        • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,0000027FA5171E3A), ref: 0000027FA5171654
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.2722478374.0000027FA5170000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000027FA5170000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_27fa5170000_fontdrvhost.jbxd
                                                                        Similarity
                                                                        • API ID: AcceptConnectPort
                                                                        • String ID:
                                                                        • API String ID: 1658770261-0
                                                                        • Opcode ID: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                        • Instruction ID: 664714ee10e4519c0af3cc8cd824bb842fc238f1c509b0b54932572d0bb96129
                                                                        • Opcode Fuzzy Hash: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                        • Instruction Fuzzy Hash: BF21297150CB088FDB98DF18C589A6AB7E1FBA8305F140A6EE44EC7261EB31D585CB41
                                                                        Function 0000027FA5171870 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 95 27fa5171870-27fa51718a0 call 27fa51708a4 * 2 100 27fa51718a6-27fa51718a9 95->100 101 27fa5171954-27fa517195b 95->101 100->101 102 27fa51718af-27fa51718b9 100->102 102->101 103 27fa51718bf-27fa51718c4 102->103 103->101 104 27fa51718ca-27fa51718d7 103->104 104->101 105 27fa51718d9-27fa51718e1 104->105 105->101 106 27fa51718e3-27fa51718ee 105->106 106->101 107 27fa51718f0-27fa51718f7 106->107 107->101 108 27fa51718f9-27fa51718fc 107->108 108->101 109 27fa51718fe-27fa5171906 108->109 109->101 110 27fa5171908-27fa517190b 109->110 110->101 111 27fa517190d-27fa5171916 110->111 111->101 112 27fa5171918-27fa517191c 111->112 112->101 113 27fa517191e-27fa517192e 112->113 113->101 115 27fa5171930-27fa5171947 GetProcessMitigationPolicy 113->115 115->101 116 27fa5171949-27fa517194e 115->116 116->101 117 27fa5171950-27fa5171951 116->117 117->101
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.2722478374.0000027FA5170000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000027FA5170000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_27fa5170000_fontdrvhost.jbxd
                                                                        Similarity
                                                                        • API ID: MitigationPolicyProcess
                                                                        • String ID:
                                                                        • API String ID: 1088084561-0
                                                                        • Opcode ID: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                        • Instruction ID: c2743740afb7f3ca197c66e5642578c908f621d4188e02860968d2c72ad8da98
                                                                        • Opcode Fuzzy Hash: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                        • Instruction Fuzzy Hash: FA31823015CA274AEBE5976C89987F172E5EB94321F3401B9C41DD71D2FA79C98ACB80

                                                                        Non-executed Functions

                                                                        Function 0000027FA5170511 Relevance: .0, Instructions: 9COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.2722478374.0000027FA5170000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000027FA5170000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_27fa5170000_fontdrvhost.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                                        • Instruction ID: 1684949b0e2b346c4f6e13502068689c61c9b2d028cdf62c4328b71d82623ec0
                                                                        • Opcode Fuzzy Hash: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                                        • Instruction Fuzzy Hash: CFB01130E2AA00C2E3880E0AB8023A0F2B2C30B300F02B2322002F3220CA28CC08028F